Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
iSulad
提交
5c938888
I
iSulad
项目概览
openeuler
/
iSulad
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
I
iSulad
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
5c938888
编写于
9月 10, 2020
作者:
L
lifeng68
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
dev_cgroup_rule: add support device cgroup rule
Signed-off-by:
N
lifeng68
<
lifeng68@huawei.com
>
上级
d9bd321f
变更
13
隐藏空白更改
内联
并排
Showing
13 changed file
with
333 addition
and
25 deletion
+333
-25
src/client/connect/pack_config.c
src/client/connect/pack_config.c
+31
-0
src/client/libisula.c
src/client/libisula.c
+4
-0
src/client/libisula.h
src/client/libisula.h
+3
-0
src/cmd/command_parser.c
src/cmd/command_parser.c
+14
-0
src/cmd/command_parser.h
src/cmd/command_parser.h
+2
-0
src/cmd/isula/base/create.c
src/cmd/isula/base/create.c
+31
-13
src/cmd/isula/base/create.h
src/cmd/isula/base/create.h
+8
-1
src/cmd/isula/client_arguments.c
src/cmd/isula/client_arguments.c
+3
-0
src/cmd/isula/client_arguments.h
src/cmd/isula/client_arguments.h
+3
-0
src/daemon/modules/spec/specs_mount.c
src/daemon/modules/spec/specs_mount.c
+197
-11
src/daemon/modules/spec/verify.c
src/daemon/modules/spec/verify.c
+24
-0
src/utils/cutils/utils_verify.c
src/utils/cutils/utils_verify.c
+11
-0
src/utils/cutils/utils_verify.h
src/utils/cutils/utils_verify.h
+2
-0
未找到文件。
src/client/connect/pack_config.c
浏览文件 @
5c938888
...
...
@@ -1729,6 +1729,30 @@ out:
return
ret
;
}
int
generate_device_cgroup_rules
(
host_config
**
dstconfig
,
const
isula_host_config_t
*
srcconfig
)
{
int
ret
=
0
;
size_t
i
=
0
;
if
(
srcconfig
->
device_cgroup_rules
==
NULL
||
srcconfig
->
device_cgroup_rules_len
==
0
)
{
goto
out
;
}
(
*
dstconfig
)
->
device_cgroup_rules
=
util_smart_calloc_s
(
sizeof
(
char
*
),
srcconfig
->
device_cgroup_rules_len
);
if
((
*
dstconfig
)
->
device_cgroup_rules
==
NULL
)
{
ret
=
-
1
;
goto
out
;
}
for
(
i
=
0
;
i
<
srcconfig
->
device_cgroup_rules_len
;
i
++
)
{
(
*
dstconfig
)
->
device_cgroup_rules
[(
*
dstconfig
)
->
device_cgroup_rules_len
]
=
util_strdup_s
(
srcconfig
->
device_cgroup_rules
[
i
]);
(
*
dstconfig
)
->
device_cgroup_rules_len
++
;
}
out:
return
ret
;
}
int
generate_groups
(
host_config
**
dstconfig
,
const
isula_host_config_t
*
srcconfig
)
{
int
ret
=
0
;
...
...
@@ -1862,6 +1886,13 @@ static int pack_host_config_common(host_config *dstconfig, const isula_host_conf
if
(
ret
<
0
)
{
goto
out
;
}
/* device cgroup rules*/
ret
=
generate_device_cgroup_rules
(
&
dstconfig
,
srcconfig
);
if
(
ret
<
0
)
{
goto
out
;
}
out:
return
ret
;
}
...
...
src/client/libisula.c
浏览文件 @
5c938888
...
...
@@ -351,6 +351,10 @@ void isula_host_config_free(isula_host_config_t *hostconfig)
hostconfig
->
blkio_throttle_write_iops_device
=
NULL
;
hostconfig
->
blkio_throttle_write_iops_device_len
=
0
;
util_free_array_by_len
(
hostconfig
->
device_cgroup_rules
,
hostconfig
->
device_cgroup_rules_len
);
hostconfig
->
device_cgroup_rules
=
NULL
;
hostconfig
->
device_cgroup_rules_len
=
0
;
container_cgroup_resources_free
(
hostconfig
->
cr
);
hostconfig
->
cr
=
NULL
;
...
...
src/client/libisula.h
浏览文件 @
5c938888
...
...
@@ -186,6 +186,9 @@ typedef struct isula_host_config {
char
**
blkio_throttle_write_iops_device
;
size_t
blkio_throttle_write_iops_device_len
;
char
**
device_cgroup_rules
;
size_t
device_cgroup_rules_len
;
bool
privileged
;
bool
system_container
;
char
**
ns_change_files
;
...
...
src/cmd/command_parser.c
浏览文件 @
5c938888
...
...
@@ -583,3 +583,17 @@ out:
free
(
dup
);
return
ret
;
}
int
command_convert_device_cgroup_rules
(
command_option_t
*
option
,
const
char
*
arg
)
{
if
(
option
==
NULL
)
{
return
-
1
;
}
if
(
!
util_valid_device_cgroup_rule
(
arg
))
{
COMMAND_ERROR
(
"Invalid value
\"
%s
\"
for flag --%s"
,
arg
,
option
->
large
);
return
EINVALIDARGS
;
}
return
command_append_array
(
option
,
arg
);
}
src/cmd/command_parser.h
浏览文件 @
5c938888
...
...
@@ -106,6 +106,8 @@ int command_convert_swappiness(command_option_t *option, const char *arg);
int
command_convert_nanocpus
(
command_option_t
*
option
,
const
char
*
arg
);
int
command_convert_device_cgroup_rules
(
command_option_t
*
option
,
const
char
*
arg
);
#ifdef __cplusplus
}
#endif
...
...
src/cmd/isula/base/create.c
浏览文件 @
5c938888
...
...
@@ -842,7 +842,7 @@ static void request_pack_host_dns(const struct client_arguments *args, isula_hos
}
}
static
void
request_pack_host_ulimit
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_ulimit
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
/* ulimit options */
if
(
args
->
custom_conf
.
ulimits
!=
NULL
)
{
...
...
@@ -851,7 +851,8 @@ static void request_pack_host_ulimit(const struct client_arguments *args, isula_
}
}
static
void
request_pack_host_weight_devices
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_weight_devices
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
/* blkio weight devices */
if
(
args
->
custom_conf
.
weight_devices
!=
NULL
)
{
...
...
@@ -860,7 +861,8 @@ static void request_pack_host_weight_devices(const struct client_arguments *args
}
}
static
void
request_pack_host_device_read_bps
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_device_read_bps
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
if
(
args
->
custom_conf
.
blkio_throttle_read_bps_device
!=
NULL
)
{
hostconfig
->
blkio_throttle_read_bps_device_len
=
...
...
@@ -869,7 +871,8 @@ static void request_pack_host_device_read_bps(const struct client_arguments *arg
}
}
static
void
request_pack_host_device_write_bps
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_device_write_bps
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
if
(
args
->
custom_conf
.
blkio_throttle_write_bps_device
!=
NULL
)
{
hostconfig
->
blkio_throttle_write_bps_device_len
=
...
...
@@ -878,7 +881,8 @@ static void request_pack_host_device_write_bps(const struct client_arguments *ar
}
}
static
void
request_pack_host_device_read_iops
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_device_read_iops
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
if
(
args
->
custom_conf
.
blkio_throttle_read_iops_device
!=
NULL
)
{
hostconfig
->
blkio_throttle_read_iops_device_len
=
...
...
@@ -887,7 +891,8 @@ static void request_pack_host_device_read_iops(const struct client_arguments *ar
}
}
static
void
request_pack_host_device_write_iops
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_device_write_iops
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
if
(
args
->
custom_conf
.
blkio_throttle_write_iops_device
!=
NULL
)
{
hostconfig
->
blkio_throttle_write_iops_device_len
=
...
...
@@ -896,7 +901,16 @@ static void request_pack_host_device_write_iops(const struct client_arguments *a
}
}
static
void
request_pack_host_blockio
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_device_cgroup_rules
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
if
(
args
->
custom_conf
.
device_cgroup_rules
!=
NULL
)
{
hostconfig
->
device_cgroup_rules_len
=
util_array_len
((
const
char
**
)(
args
->
custom_conf
.
device_cgroup_rules
));
hostconfig
->
device_cgroup_rules
=
args
->
custom_conf
.
device_cgroup_rules
;
}
}
inline
static
void
request_pack_host_blockio
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
request_pack_host_weight_devices
(
args
,
hostconfig
);
request_pack_host_device_read_bps
(
args
,
hostconfig
);
...
...
@@ -905,7 +919,7 @@ static void request_pack_host_blockio(const struct client_arguments *args, isula
request_pack_host_device_write_iops
(
args
,
hostconfig
);
}
static
void
request_pack_host_devices
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_devices
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
/* devices */
if
(
args
->
custom_conf
.
devices
!=
NULL
)
{
...
...
@@ -914,7 +928,8 @@ static void request_pack_host_devices(const struct client_arguments *args, isula
}
}
static
void
request_pack_host_hugepage_limits
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_hugepage_limits
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
/* hugepage limits */
if
(
args
->
custom_conf
.
hugepage_limits
!=
NULL
)
{
...
...
@@ -923,7 +938,7 @@ static void request_pack_host_hugepage_limits(const struct client_arguments *arg
}
}
static
void
request_pack_host_binds
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_binds
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
/* volumes to binds */
if
(
args
->
custom_conf
.
volumes
!=
NULL
)
{
...
...
@@ -932,7 +947,7 @@ static void request_pack_host_binds(const struct client_arguments *args, isula_h
}
}
static
void
request_pack_host_hook_spec
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_hook_spec
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
/* hook-spec file */
if
(
args
->
custom_conf
.
hook_spec
!=
NULL
)
{
...
...
@@ -940,7 +955,8 @@ static void request_pack_host_hook_spec(const struct client_arguments *args, isu
}
}
static
void
request_pack_host_restart_policy
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_restart_policy
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
if
(
args
->
restart
!=
NULL
)
{
hostconfig
->
restart_policy
=
args
->
restart
;
...
...
@@ -970,7 +986,7 @@ static void request_pack_host_namespaces(const struct client_arguments *args, is
}
}
static
void
request_pack_host_security
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
inline
static
void
request_pack_host_security
(
const
struct
client_arguments
*
args
,
isula_host_config_t
*
hostconfig
)
{
/* security opt */
if
(
args
->
custom_conf
.
security
!=
NULL
)
{
...
...
@@ -1062,6 +1078,8 @@ static int request_pack_host_config(const struct client_arguments *args, isula_h
request_pack_host_security
(
args
,
hostconfig
);
request_pack_host_device_cgroup_rules
(
args
,
hostconfig
);
return
ret
;
}
...
...
src/cmd/isula/base/create.h
浏览文件 @
5c938888
...
...
@@ -459,7 +459,14 @@ extern "C" {
"Limit CPU real-time runtime in microseconds.", \
command_convert_llong }, \
{ CMD_OPT_TYPE_CALLBACK, false, "cpus", 0, &((cmdargs).cr).nano_cpus, "Number of CPUs.", \
command_convert_nanocpus },
command_convert_nanocpus }, \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
"device-cgroup-rule", \
0, \
&(cmdargs).custom_conf.device_cgroup_rules, \
"Add a rule to the cgroup allowed devices list.", \
command_convert_device_cgroup_rules },
#define CREATE_EXTEND_OPTIONS(cmdargs) \
{ CMD_OPT_TYPE_BOOL, \
...
...
src/cmd/isula/client_arguments.c
浏览文件 @
5c938888
...
...
@@ -250,6 +250,9 @@ void client_arguments_free(struct client_arguments *args)
util_free_array
(
custom_conf
->
blkio_throttle_write_iops_device
);
custom_conf
->
blkio_throttle_write_iops_device
=
NULL
;
util_free_array
(
custom_conf
->
device_cgroup_rules
);
custom_conf
->
device_cgroup_rules
=
NULL
;
}
/* print common help */
...
...
src/cmd/isula/client_arguments.h
浏览文件 @
5c938888
...
...
@@ -203,6 +203,9 @@ struct custom_configs {
/* device write iops */
char
**
blkio_throttle_write_iops_device
;
/* device cgroup rules */
char
**
device_cgroup_rules
;
};
struct
args_cgroup_resources
{
...
...
src/daemon/modules/spec/specs_mount.c
浏览文件 @
5c938888
...
...
@@ -1788,6 +1788,194 @@ out:
return
ret
;
}
static
int
merge_conf_populate_device
(
oci_runtime_spec
*
oci_spec
,
host_config
*
host_spec
)
{
int
ret
=
0
;
if
(
host_spec
->
privileged
)
{
INFO
(
"Skipped
\"
--device
\"
due to conflict with
\"
--privileged
\"
"
);
return
0
;
}
if
(
host_spec
->
devices
!=
NULL
&&
host_spec
->
devices_len
!=
0
)
{
/* privileged containers will populate all devices in host */
ret
=
merge_custom_devices
(
oci_spec
,
host_spec
->
devices
,
host_spec
->
devices_len
);
if
(
ret
!=
0
)
{
ERROR
(
"Failed to merge custom devices"
);
goto
out
;
}
}
out:
return
ret
;
}
/* format example: b 7:* rmw */
static
int
parse_device_cgroup_rule
(
defs_device_cgroup
*
spec_dev_cgroup
,
const
char
*
rule
)
{
int
ret
=
0
;
char
**
parts
=
NULL
;
size_t
parts_len
=
0
;
char
**
file_mode
=
NULL
;
size_t
file_mode_len
=
0
;
if
(
rule
==
NULL
||
spec_dev_cgroup
==
NULL
)
{
return
-
1
;
}
parts
=
util_string_split
(
rule
,
' '
);
if
(
parts
==
NULL
)
{
ERROR
(
"Failed to split rule %s"
,
rule
);
ret
=
-
1
;
goto
free_out
;
}
parts_len
=
util_array_len
((
const
char
**
)
parts
);
if
(
parts_len
!=
3
)
{
ERROR
(
"Invalid rule %s"
,
rule
);
ret
=
-
1
;
goto
free_out
;
}
/* fill spec cgroup dev */
spec_dev_cgroup
->
allow
=
true
;
spec_dev_cgroup
->
access
=
util_strdup_s
(
parts
[
2
]);
spec_dev_cgroup
->
type
=
util_strdup_s
(
parts
[
0
]);
file_mode
=
util_string_split
(
parts
[
1
],
':'
);
if
(
file_mode
==
NULL
)
{
ERROR
(
"Invalid rule mode %s"
,
parts
[
1
]);
ret
=
-
1
;
goto
free_out
;
}
file_mode_len
=
util_array_len
((
const
char
**
)
file_mode
);
if
(
file_mode_len
!=
2
)
{
ERROR
(
"Invalid rule mode %s"
,
parts
[
1
]);
ret
=
-
1
;
goto
free_out
;
}
if
(
strcmp
(
file_mode
[
0
],
"*"
)
==
0
)
{
spec_dev_cgroup
->
major
=
-
1
;
}
else
{
if
(
util_safe_llong
(
file_mode
[
0
],
(
long
long
*
)
&
spec_dev_cgroup
->
major
)
!=
0
)
{
ERROR
(
"Invalid rule mode %s"
,
file_mode
[
0
]);
ret
=
-
1
;
goto
free_out
;
}
}
if
(
strcmp
(
file_mode
[
1
],
"*"
)
==
0
)
{
spec_dev_cgroup
->
minor
=
-
1
;
}
else
{
if
(
util_safe_llong
(
file_mode
[
1
],
(
long
long
*
)
&
spec_dev_cgroup
->
minor
)
!=
0
)
{
ERROR
(
"Invalid rule mode %s"
,
file_mode
[
1
]);
ret
=
-
1
;
goto
free_out
;
}
}
free_out:
util_free_array
(
parts
);
util_free_array
(
file_mode
);
return
ret
;
}
static
int
make_device_cgroup_rule
(
defs_device_cgroup
**
out_spec_dev_cgroup
,
const
char
*
dev_cgroup_rule
)
{
int
ret
=
0
;
defs_device_cgroup
*
spec_dev_cgroup
=
NULL
;
spec_dev_cgroup
=
util_common_calloc_s
(
sizeof
(
defs_device_cgroup
));
if
(
spec_dev_cgroup
==
NULL
)
{
ERROR
(
"Memory out"
);
ret
=
-
1
;
goto
erro_out
;
}
ret
=
parse_device_cgroup_rule
(
spec_dev_cgroup
,
dev_cgroup_rule
);
if
(
ret
!=
0
)
{
ERROR
(
"Failed to parse device cgroup rule %s"
,
dev_cgroup_rule
);
ret
=
-
1
;
goto
erro_out
;
}
*
out_spec_dev_cgroup
=
spec_dev_cgroup
;
goto
out
;
erro_out:
free_defs_device_cgroup
(
spec_dev_cgroup
);
out:
return
ret
;
}
static
int
do_merge_device_cgroup_rules
(
oci_runtime_spec
*
oci_spec
,
const
char
**
dev_cgroup_rules
,
size_t
dev_cgroup_rules_len
)
{
int
ret
=
0
;
size_t
new_size
=
0
,
old_size
=
0
;
size_t
i
=
0
;
ret
=
make_sure_oci_spec_linux_resources
(
oci_spec
);
if
(
ret
<
0
)
{
goto
out
;
}
/* malloc for cgroup->device */
defs_device_cgroup
**
spec_cgroup_dev
=
NULL
;
if
(
dev_cgroup_rules_len
>
SIZE_MAX
/
sizeof
(
defs_device_cgroup
*
)
-
oci_spec
->
linux
->
resources
->
devices_len
)
{
ERROR
(
"Too many cgroup devices to merge!"
);
ret
=
-
1
;
goto
out
;
}
new_size
=
(
oci_spec
->
linux
->
resources
->
devices_len
+
dev_cgroup_rules_len
)
*
sizeof
(
defs_device_cgroup
*
);
old_size
=
oci_spec
->
linux
->
resources
->
devices_len
*
sizeof
(
defs_device_cgroup
*
);
ret
=
mem_realloc
((
void
**
)
&
spec_cgroup_dev
,
new_size
,
oci_spec
->
linux
->
resources
->
devices
,
old_size
);
if
(
ret
!=
0
)
{
ERROR
(
"Out of memory"
);
ret
=
-
1
;
goto
out
;
}
oci_spec
->
linux
->
resources
->
devices
=
spec_cgroup_dev
;
for
(
i
=
0
;
i
<
dev_cgroup_rules_len
;
i
++
)
{
ret
=
make_device_cgroup_rule
(
&
oci_spec
->
linux
->
resources
->
devices
[
oci_spec
->
linux
->
resources
->
devices_len
],
dev_cgroup_rules
[
i
]);
if
(
ret
!=
0
)
{
ERROR
(
"Failed to merge custom device"
);
ret
=
-
1
;
goto
out
;
}
oci_spec
->
linux
->
resources
->
devices_len
++
;
}
out:
return
ret
;
}
static
int
merge_conf_device_cgroup_rule
(
oci_runtime_spec
*
oci_spec
,
host_config
*
host_spec
)
{
int
ret
=
0
;
if
(
host_spec
->
privileged
)
{
INFO
(
"Skipped
\"
--device-cgroup-rule
\"
due to conflict with
\"
--privileged
\"
"
);
return
0
;
}
if
(
host_spec
->
device_cgroup_rules
==
NULL
||
host_spec
->
device_cgroup_rules_len
==
0
)
{
return
0
;
}
ret
=
do_merge_device_cgroup_rules
(
oci_spec
,
(
const
char
**
)
host_spec
->
device_cgroup_rules
,
host_spec
->
device_cgroup_rules_len
);
if
(
ret
!=
0
)
{
ERROR
(
"Failed to merge custom devices cgroup rules"
);
goto
out
;
}
out:
return
ret
;
}
int
merge_conf_device
(
oci_runtime_spec
*
oci_spec
,
host_config
*
host_spec
)
{
int
ret
=
0
;
...
...
@@ -1842,17 +2030,15 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec)
}
/* devices which will be populated into container */
if
(
host_spec
->
devices
!=
NULL
&&
host_spec
->
devices_len
!=
0
)
{
/* privileged containers will populate all devices in host */
if
(
!
host_spec
->
privileged
)
{
ret
=
merge_custom_devices
(
oci_spec
,
host_spec
->
devices
,
host_spec
->
devices_len
);
if
(
ret
!=
0
)
{
ERROR
(
"Failed to merge custom devices"
);
goto
out
;
}
}
else
{
INFO
(
"Skipped
\"
--device
\"
due to conflict with
\"
--privileged
\"
"
);
}
if
(
merge_conf_populate_device
(
oci_spec
,
host_spec
))
{
ret
=
-
1
;
goto
out
;
}
/* device cgroup rules which will be added into container */
if
(
merge_conf_device_cgroup_rule
(
oci_spec
,
host_spec
))
{
ret
=
-
1
;
goto
out
;
}
out:
...
...
src/daemon/modules/spec/verify.c
浏览文件 @
5c938888
...
...
@@ -1951,6 +1951,25 @@ out:
return
ret
;
}
/* verify device cgroup rule */
static
int
verify_host_config_device_cgroup_rules
(
const
host_config
*
hostconfig
)
{
int
ret
=
0
;
size_t
i
=
0
;
for
(
i
=
0
;
i
<
hostconfig
->
device_cgroup_rules_len
;
i
++
)
{
if
(
!
util_valid_device_cgroup_rule
(
hostconfig
->
device_cgroup_rules
[
i
]))
{
ERROR
(
"Invalid device cgroup rule %s"
,
hostconfig
->
device_cgroup_rules
[
i
]);
isulad_set_error_message
(
"Invalid device cgroup rule %s"
,
hostconfig
->
device_cgroup_rules
[
i
]);
ret
=
-
1
;
goto
out
;
}
}
out:
return
ret
;
}
/* verify host config settings */
int
verify_host_config_settings
(
host_config
*
hostconfig
,
bool
update
)
{
...
...
@@ -1977,6 +1996,11 @@ int verify_host_config_settings(host_config *hostconfig, bool update)
goto
out
;
}
ret
=
verify_host_config_device_cgroup_rules
(
hostconfig
);
if
(
ret
!=
0
)
{
goto
out
;
}
#ifdef ENABLE_OCI_IMAGE
// storage options
ret
=
verify_storage_opts
(
hostconfig
);
...
...
src/utils/cutils/utils_verify.c
浏览文件 @
5c938888
...
...
@@ -649,5 +649,16 @@ bool util_valid_positive_interger(const char *value)
return
false
;
}
return
util_reg_match
(
patten
,
value
)
==
0
;
}
bool
util_valid_device_cgroup_rule
(
const
char
*
value
)
{
const
char
*
patten
=
"^([acb]) ([0-9]+|
\\
*):([0-9]+|
\\
*) ([rwm]{1,3})$"
;
if
(
value
==
NULL
)
{
return
false
;
}
return
util_reg_match
(
patten
,
value
)
==
0
;
}
\ No newline at end of file
src/utils/cutils/utils_verify.h
浏览文件 @
5c938888
...
...
@@ -101,6 +101,8 @@ bool util_valid_exec_suffix(const char *suffix);
bool
util_valid_positive_interger
(
const
char
*
value
);
bool
util_valid_device_cgroup_rule
(
const
char
*
value
);
#ifdef __cplusplus
}
#endif
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录