[lxc-devel] [lxd/master] Fix limits.cpu validation

stgraber on Github lxc-bot at linuxcontainers.org
Sat Oct 13 17:38:29 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20181013/d4868bc1/attachment.bin>
-------------- next part --------------
From 5f3508d70ac8eaece38167dd7b47eb616a79fbdd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sat, 13 Oct 2018 13:37:24 -0400
Subject: [PATCH 1/2] lxd/db: Fix bad limits.cpu

---
 lxd/db/cluster/update_test.go | 2 +-
 lxd/db/migration_test.go      | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lxd/db/cluster/update_test.go b/lxd/db/cluster/update_test.go
index 6a15b94b1d..8ce8f28b4b 100644
--- a/lxd/db/cluster/update_test.go
+++ b/lxd/db/cluster/update_test.go
@@ -405,7 +405,7 @@ INSERT INTO images_aliases VALUES (1, 'my-img', 1, NULL)
 INSERT INTO profiles VALUES (1, 'default', NULL);
 INSERT INTO profiles VALUES(2, 'users', '');
 INSERT INTO profiles_config VALUES(2, 2, 'boot.autostart', 'false');
-INSERT INTO profiles_config VALUES(3, 2, 'limits.cpu', '50%');
+INSERT INTO profiles_config VALUES(3, 2, 'limits.cpu.allowance', '50%');
 INSERT INTO profiles_devices VALUES(1, 1, 'eth0', 1);
 INSERT INTO profiles_devices VALUES(2, 1, 'root', 1);
 INSERT INTO profiles_devices_config VALUES(1, 1, 'nictype', 'bridged');
diff --git a/lxd/db/migration_test.go b/lxd/db/migration_test.go
index 352b759858..80a1a28c08 100644
--- a/lxd/db/migration_test.go
+++ b/lxd/db/migration_test.go
@@ -140,7 +140,7 @@ func TestImportPreClusteringData(t *testing.T) {
 	assert.Equal(t,
 		map[string]string{
 			"boot.autostart": "false",
-			"limits.cpu":     "50%"},
+			"limits.cpu.allowance":     "50%"},
 		profile.Config)
 	assert.Equal(t, map[string]map[string]string{}, profile.Devices)
 }
@@ -163,7 +163,7 @@ func newPreClusteringTx(t *testing.T) *sql.Tx {
 		"INSERT INTO profiles VALUES(1, 'default', 'Default LXD profile')",
 		"INSERT INTO profiles VALUES(2, 'users', '')",
 		"INSERT INTO profiles_config VALUES(2, 2, 'boot.autostart', 'false')",
-		"INSERT INTO profiles_config VALUES(3, 2, 'limits.cpu', '50%')",
+		"INSERT INTO profiles_config VALUES(3, 2, 'limits.cpu.allowance', '50%')",
 		"INSERT INTO profiles_devices VALUES(1, 1, 'eth0', 1)",
 		"INSERT INTO profiles_devices VALUES(2, 1, 'root', 1)",
 		"INSERT INTO profiles_devices_config VALUES(1, 1, 'nictype', 'bridged')",

From be85a58f47aae5a5336292ca53f6154ad836cbc0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sat, 13 Oct 2018 13:37:42 -0400
Subject: [PATCH 2/2] shared: Add limits.cpu validator
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #5158

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/db/migration_test.go |  4 ++--
 shared/container.go      | 25 ++++++++++++++++++++++++-
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/lxd/db/migration_test.go b/lxd/db/migration_test.go
index 80a1a28c08..36e8f46a8a 100644
--- a/lxd/db/migration_test.go
+++ b/lxd/db/migration_test.go
@@ -139,8 +139,8 @@ func TestImportPreClusteringData(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t,
 		map[string]string{
-			"boot.autostart": "false",
-			"limits.cpu.allowance":     "50%"},
+			"boot.autostart":       "false",
+			"limits.cpu.allowance": "50%"},
 		profile.Config)
 	assert.Equal(t, map[string]map[string]string{}, profile.Devices)
 }
diff --git a/shared/container.go b/shared/container.go
index 17220508d2..0996a49138 100644
--- a/shared/container.go
+++ b/shared/container.go
@@ -2,6 +2,7 @@ package shared
 
 import (
 	"fmt"
+	"regexp"
 	"strconv"
 	"strings"
 )
@@ -144,7 +145,29 @@ var KnownContainerConfigKeys = map[string]func(value string) error{
 	"boot.stop.priority":         IsInt64,
 	"boot.host_shutdown_timeout": IsInt64,
 
-	"limits.cpu": IsAny,
+	"limits.cpu": func(value string) error {
+		if value == "" {
+			return nil
+		}
+
+		// Validate the character set
+		match, _ := regexp.MatchString("^[-,0-9]*$", value)
+		if !match {
+			return fmt.Errorf("Invalid CPU limit syntax")
+		}
+
+		// Validate first character
+		if strings.HasPrefix(value, "-") || strings.HasPrefix(value, ",") {
+			return fmt.Errorf("CPU limit can't start with a separator")
+		}
+
+		// Validate last character
+		if strings.HasSuffix(value, "-") || strings.HasSuffix(value, ",") {
+			return fmt.Errorf("CPU limit can't end with a separator")
+		}
+
+		return nil
+	},
 	"limits.cpu.allowance": func(value string) error {
 		if value == "" {
 			return nil

More information about the lxc-devel mailing list