
Commit 7f95893

author
Ma Shimiao
committed
fix panic when Linux is nil
Linux is not always non-nil. If Linux is nil, a panic will occur. Signed-off-by: Ma Shimiao <[email protected]>
1 parent c128781 commit 7f95893


1 file changed

+66
-58
lines changed


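--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@@ -180,20 +180,11 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 }
 
 exists := false
-if config.RootPropagation, exists = mountPropagationMapping[spec.Linux.RootfsPropagation]; !exists {
-return nil, fmt.Errorf("rootfsPropagation=%v is not supported", spec.Linux.RootfsPropagation)
+linuxSpecific := false
+if spec.Linux != nil {
+linuxSpecific = true
 }
 
-for _, ns := range spec.Linux.Namespaces {
-t, exists := namespaceMapping[ns.Type]
-if !exists {
-return nil, fmt.Errorf("namespace %q does not exist", ns)
-}
-if config.Namespaces.Contains(t) {
-return nil, fmt.Errorf("malformed spec file: duplicated ns %q", ns)
-}
-config.Namespaces.Add(t, ns.Path)
-}
 if config.Namespaces.Contains(configs.NEWNET) {
 config.Networks = []*configs.Network{
 {
@@ -215,23 +206,40 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 return nil, err
 }
 config.Cgroups = c
-// set extra path masking for libcontainer for the various unsafe places in proc
-config.MaskPaths = spec.Linux.MaskedPaths
-config.ReadonlyPaths = spec.Linux.ReadonlyPaths
-if spec.Linux.Seccomp != nil {
-seccomp, err := setupSeccomp(spec.Linux.Seccomp)
-if err != nil {
-return nil, err
+// set linux-specific config
+if linuxSpecific {
+if config.RootPropagation, exists = mountPropagationMapping[spec.Linux.RootfsPropagation]; !exists {
+return nil, fmt.Errorf("rootfsPropagation=%v is not supported", spec.Linux.RootfsPropagation)
+}
+
+for _, ns := range spec.Linux.Namespaces {
+t, exists := namespaceMapping[ns.Type]
+if !exists {
+return nil, fmt.Errorf("namespace %q does not exist", ns)
+}
+if config.Namespaces.Contains(t) {
+return nil, fmt.Errorf("malformed spec file: duplicated ns %q", ns)
+}
+config.Namespaces.Add(t, ns.Path)
+}
+config.MaskPaths = spec.Linux.MaskedPaths
+config.ReadonlyPaths = spec.Linux.ReadonlyPaths
+config.MountLabel = spec.Linux.MountLabel
+config.Sysctl = spec.Linux.Sysctl
+if spec.Linux.Resources != nil && spec.Linux.Resources.OOMScoreAdj != nil {
+config.OomScoreAdj = *spec.Linux.Resources.OOMScoreAdj
+}
+if spec.Linux.Seccomp != nil {
+seccomp, err := setupSeccomp(spec.Linux.Seccomp)
+if err != nil {
+return nil, err
+}
+config.Seccomp = seccomp
 }
-config.Seccomp = seccomp
 }
 if spec.Process.SelinuxLabel != "" {
 config.ProcessLabel = spec.Process.SelinuxLabel
 }
-config.Sysctl = spec.Linux.Sysctl
-if spec.Linux.Resources != nil && spec.Linux.Resources.OOMScoreAdj != nil {
-config.OomScoreAdj = *spec.Linux.Resources.OOMScoreAdj
-}
 if spec.Process.Capabilities != nil {
 config.Capabilities = &configs.Capabilities{
 Bounding: spec.Process.Capabilities.Bounding,
@@ -242,7 +250,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 }
 }
 createHooks(spec, config)
-config.MountLabel = spec.Linux.MountLabel
 config.Version = specs.Version
 return config, nil
 }
@@ -562,53 +569,54 @@ func createDevices(spec *specs.Spec, config *configs.Config) error {
 },
 }
 // merge in additional devices from the spec
-for _, d := range spec.Linux.Devices {
-var uid, gid uint32
-var filemode os.FileMode = 0666
+if spec.Linux != nil {
+for _, d := range spec.Linux.Devices {
+var uid, gid uint32
+var filemode os.FileMode = 0666
 
-if d.UID != nil {
-uid = *d.UID
-}
-if d.GID != nil {
-gid = *d.GID
-}
-dt, err := stringToDeviceRune(d.Type)
-if err != nil {
-return err
-}
-if d.FileMode != nil {
-filemode = *d.FileMode
-}
-device := &configs.Device{
-Type: dt,
-Path: d.Path,
-Major: d.Major,
-Minor: d.Minor,
-FileMode: filemode,
-Uid: uid,
-Gid: gid,
+if d.UID != nil {
+uid = *d.UID
+}
+if d.GID != nil {
+gid = *d.GID
+}
+dt, err := stringToDeviceRune(d.Type)
+if err != nil {
+return err
+}
+if d.FileMode != nil {
+filemode = *d.FileMode
+}
+device := &configs.Device{
+Type: dt,
+Path: d.Path,
+Major: d.Major,
+Minor: d.Minor,
+FileMode: filemode,
+Uid: uid,
+Gid: gid,
+}
+config.Devices = append(config.Devices, device)
 }
-config.Devices = append(config.Devices, device)
 }
 return nil
 }
 
 func setupUserNamespace(spec *specs.Spec, config *configs.Config) error {
-if len(spec.Linux.UIDMappings) == 0 {
-return nil
-}
 create := func(m specs.LinuxIDMapping) configs.IDMap {
 return configs.IDMap{
 HostID: int(m.HostID),
 ContainerID: int(m.ContainerID),
 Size: int(m.Size),
 }
 }
-for _, m := range spec.Linux.UIDMappings {
-config.UidMappings = append(config.UidMappings, create(m))
-}
-for _, m := range spec.Linux.GIDMappings {
-config.GidMappings = append(config.GidMappings, create(m))
+if spec.Linux != nil {
+for _, m := range spec.Linux.UIDMappings {
+config.UidMappings = append(config.UidMappings, create(m))
+}
+for _, m := range spec.Linux.GIDMappings {
+config.GidMappings = append(config.GidMappings, create(m))
+}
 }
 rootUID, err := config.HostRootUID()
 if err != nil {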
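Review bot: Moving the namespace loop into the `if linuxSpecific {` block (new lines 215-224) places it after the `if config.Namespaces.Contains(configs.NEWNET) {` check at new line 188, so unless config.Namespaces is filled somewhere outside these hunks, that check now runs on an empty set and the `config.Networks` setup is skipped even for specs that request a network namespace. The loop should stay ahead of that check, for example inside the existing `if spec.Linux != nil {` at new line 184, which would also make the `linuxSpecific` flag unnecessary. Any code between the first two hunks that reads config.Namespaces would be affected the same way, but it is not visible here. In setupUserNamespace the old `if len(spec.Linux.UIDMappings) == 0 { return nil }` early exit is dropped rather than guarded, so specs without ID mappings now fall through to `config.HostRootUID()` and the rest of the function, which continues outside the hunk; `if spec.Linux == nil || len(spec.Linux.UIDMappings) == 0 { return nil }` would keep the previous behaviour.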
