specgen: fix parsing of cgroup devices rule

Fix the parse for the cgroup devices rule to correctly handle the wildcard syntax for the device major. Also make sure the device major and minor are not negative numbers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-06-30 23:18:45 +02:00 · 2022-06-30 23:18:45 +02:00 · 891dfd3a8f
parent 3426d56b92
commit 891dfd3a8f
3 changed files with 92 additions and 9 deletions
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@ -1134,17 +1134,21 @@ func parseLinuxResourcesDeviceAccess(device string) (specs.LinuxDeviceCgroup, er
 	}

 	number := strings.SplitN(value[1], ":", 2)
-	i, err := strconv.ParseInt(number[0], 10, 64)
-	if err != nil {
-		return specs.LinuxDeviceCgroup{}, err
-	}
-	major = &i
-	if len(number) == 2 && number[1] != "*" {
-		i, err := strconv.ParseInt(number[1], 10, 64)
+	if number[0] != "*" {
+		i, err := strconv.ParseUint(number[0], 10, 64)
 		if err != nil {
 			return specs.LinuxDeviceCgroup{}, err
 		}
-		minor = &i
+		m := int64(i)
+		major = &m
+	}
+	if len(number) == 2 && number[1] != "*" {
+		i, err := strconv.ParseUint(number[1], 10, 64)
+		if err != nil {
+			return specs.LinuxDeviceCgroup{}, err
+		}
+		m := int64(i)
+		minor = &m
 	}
 	access = value[2]
 	for _, c := range strings.Split(access, "") {
--- a/pkg/specgenutil/specgenutil_test.go
+++ b/pkg/specgenutil/specgenutil_test.go
@ -75,3 +75,82 @@ func TestWinPath(t *testing.T) {
 		}
 	}
 }
+
+func TestParseLinuxResourcesDeviceAccess(t *testing.T) {
+	d, err := parseLinuxResourcesDeviceAccess("a *:* rwm")
+	assert.Nil(t, err, "err is nil")
+	assert.True(t, d.Allow, "allow is true")
+	assert.Equal(t, d.Type, "a", "type is 'a'")
+	assert.Nil(t, d.Minor, "minor is nil")
+	assert.Nil(t, d.Major, "major is nil")
+
+	d, err = parseLinuxResourcesDeviceAccess("b 3:* rwm")
+	assert.Nil(t, err, "err is nil")
+	assert.True(t, d.Allow, "allow is true")
+	assert.Equal(t, d.Type, "b", "type is 'b'")
+	assert.Nil(t, d.Minor, "minor is nil")
+	assert.NotNil(t, d.Major, "major is not nil")
+	assert.Equal(t, *d.Major, int64(3), "major is 3")
+
+	d, err = parseLinuxResourcesDeviceAccess("a *:3 rwm")
+	assert.Nil(t, err, "err is nil")
+	assert.True(t, d.Allow, "allow is true")
+	assert.Equal(t, d.Type, "a", "type is 'a'")
+	assert.Nil(t, d.Major, "major is nil")
+	assert.NotNil(t, d.Minor, "minor is not nil")
+	assert.Equal(t, *d.Minor, int64(3), "minor is 3")
+
+	d, err = parseLinuxResourcesDeviceAccess("c 1:2 rwm")
+	assert.Nil(t, err, "err is nil")
+	assert.True(t, d.Allow, "allow is true")
+	assert.Equal(t, d.Type, "c", "type is 'c'")
+	assert.NotNil(t, d.Major, "minor is not nil")
+	assert.Equal(t, *d.Major, int64(1), "minor is 1")
+	assert.NotNil(t, d.Minor, "minor is not nil")
+	assert.Equal(t, *d.Minor, int64(2), "minor is 2")
+
+	_, err = parseLinuxResourcesDeviceAccess("q *:* rwm")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a a:* rwm")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a *:a rwm")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a *:* abc")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("* *:* *")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("* *:a2 *")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("*")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("*:*")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a *:*")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a *:*")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a 12a:* r")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a a12:* r")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a 0x1:* r")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a -2:* r")
+	assert.NotNil(t, err, "err is not nil")
+
+	_, err = parseLinuxResourcesDeviceAccess("a *:-3 r")
+	assert.NotNil(t, err, "err is not nil")
+}
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@ -730,7 +730,7 @@ EOF
    run_podman 125 run --device-cgroup-rule="x 7:* rmw" --rm $IMAGE
    is "$output" "Error: invalid device type in device-access-add: x"
    run_podman 125 run --device-cgroup-rule="a a:* rmw" --rm $IMAGE
-    is "$output" "Error: strconv.ParseInt: parsing \"a\": invalid syntax"
+    is "$output" "Error: strconv.ParseUint: parsing \"a\": invalid syntax"
 }

@test "podman run closes stdin" {