
Commit cdcabde

committed
schema: JSON Schema and validator for config.json
Conforming to https://tools.ietf.org/html/draft-zyp-json-schema-03 and http://json-schema.org/latest/json-schema-core.html * Utilizes a number of JSON schema features, including 'pattern' * Defined primitives, like integers, that we'll use * Split out definitions for primitives and platform-specific * Provide a Makefile for: - "fmt" target for *.json - "validate" target for building the validation tool Signed-off-by: Vincent Batts <[email protected]>
1 parent dae09c6 commit cdcabde


6 files changed

+960
-0
lines changed


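--- a/schema/Makefile
+++ b/schema/Makefile
@@ -0,0 +1,15 @@
+
+default: help
+
+help:
+@echo "Usage: make <target>"
+@echo
+@echo " * 'fmt' - format the json with indentation"
+@echo " * 'validate' - build the validation tool"
+
+fmt:
+for i in *.json ; do jq --indent 4 -M . "$${i}" > xx && cat xx > "$${i}" && rm xx ; done
+
+validate: validate.go
+go build ./validate.go
+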
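Review bot: The `fmt` recipe does not fail when jq rejects a file. The `&&` chain is skipped for that file and the loop carries on, so make reports success unless the rejected file happens to be the last one, and the fixed scratch file `xx` is left behind in the schema directory. A malformed schema file can therefore pass through `make fmt` unnoticed. Ending the chain with an explicit failure makes the target stop at the first bad file: `for i in *.json ; do jq --indent 4 -M . "$${i}" > xx && cat xx > "$${i}" && rm xx || exit 1 ; done`.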

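--- a/schema/defs-linux.json
+++ b/schema/defs-linux.json
@@ -0,0 +1,239 @@
+{
+"definitions": {
+"SeccompArch": {
+"type": "string",
+"enum": [
+"SCMP_ARCH_X86",
+"SCMP_ARCH_X86_64",
+"SCMP_ARCH_X32",
+"SCMP_ARCH_ARM",
+"SCMP_ARCH_AARCH64",
+"SCMP_ARCH_MIPS",
+"SCMP_ARCH_MIPS64",
+"SCMP_ARCH_MIPS64N32",
+"SCMP_ARCH_MIPSEL",
+"SCMP_ARCH_MIPSEL64",
+"SCMP_ARCH_MIPSEL64N32"
+]
+},
+"SeccompAction": {
+"type": "string",
+"enum": [
+"SCMP_ACT_KILL",
+"SCMP_ACT_TRAP",
+"SCMP_ACT_ERRNO",
+"SCMP_ACT_TRACE",
+"SCMP_ACT_ALLOW"
+]
+},
+"SeccompOperators": {
+"type": "string",
+"enum": [
+"SCMP_CMP_NE",
+"SCMP_CMP_LT",
+"SCMP_CMP_LE",
+"SCMP_CMP_EQ",
+"SCMP_CMP_GE",
+"SCMP_CMP_GT",
+"SCMP_CMP_MASKED_EQ"
+]
+},
+"SyscallArg": {
+"properties": {
+"index": {
+"$ref": "defs.json#/definitions/uint32"
+},
+"value": {
+"$ref": "defs.json#/definitions/uint64"
+},
+"valueTwo": {
+"$ref": "defs.json#/definitions/uint64"
+},
+"op": {
+"$ref": "#/definitions/SeccompOperators"
+}
+}
+},
+"Syscall": {
+"properties": {
+"name": {
+"type": "string"
+},
+"action": {
+"$ref": "#/definitions/SeccompAction"
+},
+"args": {
+"type": "array",
+"items": {
+"$ref": "#/definitions/SyscallArg"
+}
+}
+}
+},
+"Capability": {
+"description": "Linux process permissions",
+"type": "string",
+"pattern": "^CAP_([A-Z]|_)+$"
+},
+"Major": {
+"description": "major device number",
+"$ref": "defs.json#/definitions/uint16"
+},
+"Minor": {
+"description": "minor device number",
+"$ref": "defs.json#/definitions/uint16"
+},
+"FileMode": {
+"description": "File permissions mode (typically an octal value)",
+"type": "integer",
+"minimum": 0,
+"maximum": 512
+},
+"FilePermissions": {
+"type": "string"
+},
+"FileType": {
+"type": "integer"
+},
+"Device": {
+"properties": {
+"type": {
+"$ref": "#/definitions/FileType"
+},
+"permissions": {
+"$ref": "#/definitions/FilePermissions"
+},
+"path": {
+"$ref": "defs.json#/definitions/FilePath"
+},
+"fileMode": {
+"$ref": "#/definitions/FileMode"
+},
+"major": {
+"$ref": "#/definitions/Major"
+},
+"minor": {
+"$ref": "#/definitions/Minor"
+},
+"uid": {
+"$ref": "defs.json#/definitions/UID"
+},
+"gid": {
+"$ref": "defs.json#/definitions/GID"
+}
+}
+},
+"blkioWeight": {
+"type": "integer",
+"minimum": 10,
+"maximum": 1000
+},
+"blkioWeightPointer": {
+"oneOf": [
+{
+"$ref": "#/definitions/blkioWeight"
+},
+{
+"type": "null"
+}
+]
+},
+"blockIODevice": {
+"properties": {
+"major": {
+"$ref": "#/definitions/Major"
+},
+"minor": {
+"$ref": "#/definitions/Minor"
+}
+},
+"required": [
+"major",
+"minor"
+]
+},
+"blockIODeviceWeight": {
+"type": "object",
+"allOf": [
+{
+"$ref": "#/definitions/blockIODevice"
+},
+{
+"properties": {
+"weight": {
+"$ref": "#/definitions/blkioWeightPointer"
+},
+"leafWeight": {
+"$ref": "#/definitions/blkioWeightPointer"
+}
+}
+}
+]
+},
+"blockIODeviceWeightPointer": {
+"oneOf": [
+{
+"$ref": "#/definitions/blockIODeviceWeight"
+},
+{
+"type": "null"
+}
+]
+},
+"blockIODeviceThrottle": {
+"allOf": [
+{
+"$ref": "#/definitions/blockIODevice"
+},
+{
+"properties": {
+"rate": {
+"$ref": "defs.json#/definitions/uint64Pointer"
+}
+}
+}
+]
+},
+"blockIODeviceThrottlePointer": {
+"oneOf": [
+{
+"$ref": "#/definitions/blockIODeviceThrottle"
+},
+{
+"type": "null"
+}
+]
+},
+"NetworkInterfacePriority": {
+"properties": {
+"name": {
+"type": "string"
+},
+"priority": {
+"$ref": "defs.json#/definitions/uint32"
+}
+}
+},
+"NamespaceType": {
+"type": "string",
+"enum": [
+"mount",
+"pid",
+"network",
+"uts",
+"ipc",
+"user"
+]
+},
+"NamespaceReference": {
+"properties": {
+"type": {
+"$ref": "#/definitions/NamespaceType"
+},
+"path": {
+"$ref": "defs.json#/definitions/FilePath"
+}
+}
+}
+}
+}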
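Review bot: `Syscall` and `SyscallArg` declare only `properties`, with no `"type": "object"` and no `required` list, so a seccomp entry that omits `name` or `action`, or that is not an object at all, still validates; the same holds for `Device`, `NetworkInterfacePriority` and `NamespaceReference`. `blockIODevice` in this file already carries `"required": ["major", "minor"]`, and the security-relevant definitions deserve the same treatment, for example `"type": "object", "required": ["name", "action"]` on `Syscall`, assuming the spec treats both as mandatory. Separately, `FileMode` sets `"maximum": 512`, which admits 512 (octal 01000) while the nine permission bits top out at 0777 = 511. The intended bound should be confirmed, and if only the permission bits are meant it would be `"maximum": 511`.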
