validate: increase OS validation for special cases

Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
opencontainers · Mar 23, 2017 · 1580403 · 1580403
1 parent ce55f9b
commit 1580403
Showing 1 changed file with 38 additions and 15 deletions.
diff --git a/validate/validate.go b/validate/validate.go
@@ -256,29 +256,52 @@ func (v *Validator) CheckProcess() (msgs []string) {
 		}
 	}
 
-	for _, capability := range process.Capabilities {
-		if err := CapValid(capability, v.HostSpecific); err != nil {
-			msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", capability))
+	msgs = append(msgs, v.CheckCapablities()...)
+	msgs = append(msgs, v.CheckRlimits()...)
+
+	if v.spec.Platform.OS == "linux" {
+
+		if len(process.ApparmorProfile) > 0 {
+			profilePath := filepath.Join(v.bundlePath, v.spec.Root.Path, "/etc/apparmor.d", process.ApparmorProfile)
+			_, err := os.Stat(profilePath)
+			if err != nil {
+				msgs = append(msgs, err.Error())
+			}
 		}
 	}
 
-	for index, rlimit := range process.Rlimits {
-		if err := rlimitValid(rlimit); err != nil {
-			msgs = append(msgs, err.Error())
-		}
-		for i := index + 1; i < len(process.Rlimits); i++ {
-			if process.Rlimits[index].Type == process.Rlimits[i].Type {
-				msgs = append(msgs, fmt.Sprintf("rlimit can not contain the same type %q.", process.Rlimits[index].Type))
+	return
+}
+
+func (v *Validator) CheckCapablities() (msgs []string) {
+	if v.spec.Platform.OS == "linux" {
+		for _, capability := range v.spec.Process.Capabilities {
+			if err := CapValid(capability, v.HostSpecific); err != nil {
+				msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", capability))
 			}
 		}
+	} else {
+		logrus.Warnf("OS %q has not yet have a special value for capabilities", v.spec.Platform.OS)
 	}
 
-	if len(process.ApparmorProfile) > 0 {
-		profilePath := filepath.Join(v.bundlePath, v.spec.Root.Path, "/etc/apparmor.d", process.ApparmorProfile)
-		_, err := os.Stat(profilePath)
-		if err != nil {
-			msgs = append(msgs, err.Error())
+	return
+}
+
+func (v *Validator) CheckRlimits() (msgs []string) {
+	process := v.spec.Process
+	if v.spec.Platform.OS == "linux" {
+		for index, rlimit := range process.Rlimits {
+			if err := rlimitValid(rlimit); err != nil {
+				msgs = append(msgs, err.Error())
+			}
+			for i := index + 1; i < len(process.Rlimits); i++ {
+				if process.Rlimits[index].Type == process.Rlimits[i].Type {
+					msgs = append(msgs, fmt.Sprintf("rlimit can not contain the same type %q.", process.Rlimits[index].Type))
+				}
+			}
 		}
+	} else {
+		logrus.Warnf("OS %q has not yet have a special value for rlimits", v.spec.Platform.OS)
 	}
 
 	return