libcontainer/configs/validate: improve rootlessEUIDMount
1. Avoid splitting mount data into []string if it does not contain
   options we're interested in. This should result in slightly less
   garbage to collect.

2. Use if / else if instead of continue, to make it clearer that
   we're processing one option at a time.

3. Print the whole option as a string in an error message; practically
   this should not have any effect, it's just simpler.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin committed Jan 10, 2025
1 parent 05f53d6 commit 8ecb278
Showing 1 changed file with 6 additions and 5 deletions.
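--- a/libcontainer/configs/validate/rootless.go
+++ b/libcontainer/configs/validate/rootless.go
@@ -55,6 +55,9 @@ func rootlessEUIDMount(config *configs.Config) error {
 for _, mount := range config.Mounts {
 // Check that the options list doesn't contain any uid= or gid= entries
 // that don't resolve to root.
+if !strings.Contains(mount.Data, "id=") {
+continue
+}
 for _, opt := range strings.Split(mount.Data, ",") {
 if str, ok := strings.CutPrefix(opt, "uid="); ok {
 uid, err := strconv.Atoi(str)
@@ -63,18 +66,16 @@ func rootlessEUIDMount(config *configs.Config) error {
 continue
 }
 if _, err := config.HostUID(uid); err != nil {
-return fmt.Errorf("cannot specify uid=%d mount option for rootless container: %w", uid, err)
+return fmt.Errorf("cannot specify %s mount option for rootless container: %w", opt, err)
 }
-continue
-}
-if str, ok := strings.CutPrefix(opt, "gid="); ok {
+} else if str, ok := strings.CutPrefix(opt, "gid="); ok {
 gid, err := strconv.Atoi(str)
 if err != nil {
 // Ignore unknown mount options.
 continue
 }
 if _, err := config.HostGID(gid); err != nil {
-return fmt.Errorf("cannot specify gid=%d mount option for rootless container: %w", gid, err)
+return fmt.Errorf("cannot specify %s mount option for rootless container: %w", opt, err)
 }
 }
 }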
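Review bot: The new `strings.Contains(mount.Data, "id=")` guard sits directly under the existing comment about uid=/gid= entries and has no explanation of its own, although its correctness rests on an invariant: every prefix the loop below checks must contain the substring `id=`. Today that holds for both `uid=` and `gid=`, so the fast path skips nothing that would have been validated, but a later prefix that lacks `id=` would be silently exempted from the rootless check. I would add a comment on the guard such as `// Fast path: "uid=" and "gid=" both contain "id="; keep this pre-filter in sync with the prefixes checked below.` and move the existing two-line comment down to the `for _, opt` loop it describes. rootlessEUIDMount continues outside the hunks shown.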
