github.com/opencontainers/runtime-tools@v0.9.0/validation/util/linux_resources_devices.go (about) 1 package util 2 3 import ( 4 "fmt" 5 6 "github.com/mndrix/tap-go" 7 rspec "github.com/opencontainers/runtime-spec/specs-go" 8 "github.com/opencontainers/runtime-tools/cgroups" 9 "github.com/opencontainers/runtime-tools/specerror" 10 ) 11 12 // ValidateLinuxResourcesDevices validates linux.resources.devices. 13 func ValidateLinuxResourcesDevices(config *rspec.Spec, t *tap.T, state *rspec.State) error { 14 cg, err := cgroups.FindCgroup() 15 t.Ok((err == nil), "find devices") 16 if err != nil { 17 t.Diagnostic(err.Error()) 18 return nil 19 } 20 21 lnd, err := cg.GetDevicesData(state.Pid, config.Linux.CgroupsPath) 22 t.Ok((err == nil), "get devices data") 23 if err != nil { 24 t.Diagnostic(err.Error()) 25 return nil 26 } 27 28 for i, device := range config.Linux.Resources.Devices { 29 if device.Allow == true { 30 found := false 31 if lnd[i-1].Type == device.Type && *lnd[i-1].Major == *device.Major && *lnd[i-1].Minor == *device.Minor && lnd[i-1].Access == device.Access { 32 found = true 33 } 34 t.Ok(found, fmt.Sprintf("devices %s %d:%d %s is set correctly", device.Type, *device.Major, *device.Minor, device.Access)) 35 t.Diagnosticf("expect: %s %d:%d %s, actual: %s %d:%d %s", 36 device.Type, *device.Major, *device.Minor, device.Access, lnd[i-1].Type, *lnd[i-1].Major, *lnd[i-1].Minor, lnd[i-1].Access) 37 if !found { 38 err := specerror.NewError(specerror.DevicesApplyInOrder, fmt.Errorf("The runtime MUST apply entries in the listed order"), rspec.Version) 39 t.Diagnostic(err.Error()) 40 return nil 41 } 42 } 43 } 44 45 return nil 46 }