authorFrantisek Sumsal <frantisek@sumsal.cz>2023-05-16 17:26:25 +0200
committerGitHub <noreply@github.com>2023-05-16 17:26:25 +0200
commita5a4d5a18e6270b3623dc5c48f1c61344f1d0555 (patch)
tree136327df8a5acd02c2692c6ef9c34b9a75c8dade /src
parent329f4b06f5124a8db042e8bd42fbc3265744aaa6 (diff)
parentcd70372b934bded2249f26c72d4b6ab9bdf50a13 (diff)
Merge pull request #27651 from mrc0mmand/more-nspawn-tests
nspawn: OCI related fixes & tests
Diffstat (limited to 'src')
-rw-r--r--src/nspawn/nspawn-oci.c33
-rw-r--r--src/nspawn/nspawn-settings.c26
-rw-r--r--src/nspawn/nspawn.c1
3 files changed, 30 insertions, 30 deletions
diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c
index 3c6bfd3eaf..5e21538597 100644
--- a/src/nspawn/nspawn-oci.c
+++ b/src/nspawn/nspawn-oci.c
@@ -605,7 +605,7 @@ static int oci_namespace_type(const char *name, JsonVariant *v, JsonDispatchFlag
*nsflags = CLONE_NEWCGROUP;
else
return json_log(v, flags, SYNTHETIC_ERRNO(EINVAL),
- "Unknown cgroup type, refusing: %s", n);
+ "Unknown namespace type, refusing: %s", n);
return 0;
}
@@ -663,7 +663,7 @@ static int oci_namespaces(const char *name, JsonVariant *v, JsonDispatchFlags fl
if (!FLAGS_SET(n, CLONE_NEWNS))
return json_log(v, flags, SYNTHETIC_ERRNO(EOPNOTSUPP),
- "Containers without file system namespace aren't supported.");
+ "Containers without a mount namespace aren't supported.");
s->private_network = FLAGS_SET(n, CLONE_NEWNET);
s->userns_mode = FLAGS_SET(n, CLONE_NEWUSER) ? USER_NAMESPACE_FIXED : USER_NAMESPACE_NO;
@@ -819,7 +819,7 @@ static int oci_device_file_mode(const char *name, JsonVariant *v, JsonDispatchFl
return json_log(v, flags, SYNTHETIC_ERRNO(ERANGE),
"fileMode out of range, refusing.");
- *mode = m;
+ *mode = (*mode & ~07777) | m;
return 0;
}
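Review bot: The new assignment `*mode = (*mode & ~07777) | m;` uses a bare octal mask and has no comment saying why the old value is partly kept. It appears to preserve file-type bits already stored in `*mode` (presumably written by the handler for the device's type field, which is not visible here) and to replace only the permission and setuid/setgid/sticky bits. I would add `/* Replace only the permission bits, keep any file type bits already set */` above it. The range check that guards `m` begins above the hunk, so it is worth confirming that it rejects every value above 07777; otherwise a fileMode from the bundle could still alter the type bits.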
@@ -874,7 +874,7 @@ static int oci_devices(const char *name, JsonVariant *v, JsonDispatchFlags flags
/* Suppress a couple of implicit device nodes */
r = devname_from_devnum(node->mode, makedev(node->major, node->minor), &path);
if (r < 0)
- json_log(e, flags|JSON_DEBUG, 0, "Failed to resolve device node %u:%u, ignoring: %m", node->major, node->minor);
+ json_log(e, flags|JSON_DEBUG, r, "Failed to resolve device node %u:%u, ignoring: %m", node->major, node->minor);
else {
if (PATH_IN_SET(path,
"/dev/null",
@@ -1177,13 +1177,13 @@ static int oci_cgroup_memory(const char *name, JsonVariant *v, JsonDispatchFlags
};
static const JsonDispatch table[] = {
- { "limit", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, limit), 0 },
- { "reservation", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, reservation), 0 },
- { "swap", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, swap), 0 },
- { "kernel", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
- { "kernelTCP", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
- { "swapiness", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
- { "disableOOMKiller", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
+ { "limit", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, limit), 0 },
+ { "reservation", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, reservation), 0 },
+ { "swap", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, swap), 0 },
+ { "kernel", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
+ { "kernelTCP", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
+ { "swapiness", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
+ { "disableOOMKiller", JSON_VARIANT_BOOLEAN, oci_unsupported, 0, JSON_PERMISSIVE },
{}
};
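Review bot: The key `"swapiness"` is carried through the realignment unchanged, but the OCI runtime specification spells this memory field `swappiness`. A bundle using the correct spelling would not match this entry, so it would go to whatever fallback oci_cgroup_memory passes to the dispatcher (outside the hunk) instead of the permissive `oci_unsupported` path intended here. Since the commit already corrects the type of `disableOOMKiller` in the same table, the entry should read `{ "swappiness", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },`.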
@@ -1589,7 +1589,7 @@ static int oci_sysctl(const char *name, JsonVariant *v, JsonDispatchFlags flags,
assert_se(m = json_variant_string(w));
- if (sysctl_key_valid(k))
+ if (!sysctl_key_valid(k))
return json_log(v, flags, SYNTHETIC_ERRNO(EINVAL),
"sysctl key invalid, refusing: %s", k);
@@ -1829,6 +1829,7 @@ static int oci_seccomp_syscalls(const char *name, JsonVariant *v, JsonDispatchFl
{ "names", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(struct syscall_rule, names), JSON_MANDATORY },
{ "action", JSON_VARIANT_STRING, oci_seccomp_action, offsetof(struct syscall_rule, action), JSON_MANDATORY },
{ "args", JSON_VARIANT_ARRAY, oci_seccomp_args, 0, 0 },
+ {}
};
struct syscall_rule rule = {
.action = UINT32_MAX,
@@ -2083,7 +2084,7 @@ static int oci_hooks_array(const char *name, JsonVariant *v, JsonDispatchFlags f
.timeout = USEC_INFINITY,
};
- r = json_dispatch(e, table, oci_unexpected, flags, userdata);
+ r = json_dispatch(e, table, oci_unexpected, flags, new_item);
if (r < 0) {
free(new_item->path);
strv_free(new_item->args);
@@ -2100,9 +2101,9 @@ static int oci_hooks_array(const char *name, JsonVariant *v, JsonDispatchFlags f
static int oci_hooks(const char *name, JsonVariant *v, JsonDispatchFlags flags, void *userdata) {
static const JsonDispatch table[] = {
- { "prestart", JSON_VARIANT_OBJECT, oci_hooks_array, 0, 0 },
- { "poststart", JSON_VARIANT_OBJECT, oci_hooks_array, 0, 0 },
- { "poststop", JSON_VARIANT_OBJECT, oci_hooks_array, 0, 0 },
+ { "prestart", JSON_VARIANT_ARRAY, oci_hooks_array, 0, 0 },
+ { "poststart", JSON_VARIANT_ARRAY, oci_hooks_array, 0, 0 },
+ { "poststop", JSON_VARIANT_ARRAY, oci_hooks_array, 0, 0 },
{}
};
diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
index 7500eabd18..161b1c1c70 100644
--- a/src/nspawn/nspawn-settings.c
+++ b/src/nspawn/nspawn-settings.c
@@ -97,27 +97,25 @@ int settings_load(FILE *f, const char *path, Settings **ret) {
return 0;
}
-static void free_oci_hooks(OciHook *h, size_t n) {
- size_t i;
+static void free_oci_hooks(OciHook *hooks, size_t n) {
+ assert(hooks || n == 0);
- assert(h || n == 0);
-
- for (i = 0; i < n; i++) {
- free(h[i].path);
- strv_free(h[i].args);
- strv_free(h[i].env);
+ FOREACH_ARRAY(hook, hooks, n) {
+ free(hook->path);
+ strv_free(hook->args);
+ strv_free(hook->env);
}
- free(h);
+ free(hooks);
}
-void device_node_array_free(DeviceNode *node, size_t n) {
- size_t i;
+void device_node_array_free(DeviceNode *nodes, size_t n) {
+ assert(nodes || n == 0);
- for (i = 0; i < n; i++)
- free(node[i].path);
+ FOREACH_ARRAY(node, nodes, n)
+ free(node->path);
- free(node);
+ free(nodes);
}
Settings* settings_free(Settings *s) {
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 49802d6fdf..5d49e05064 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -4651,6 +4651,7 @@ static int merge_settings(Settings *settings, const char *path) {
device_node_array_free(arg_extra_nodes, arg_n_extra_nodes);
arg_extra_nodes = TAKE_PTR(settings->extra_nodes);
arg_n_extra_nodes = settings->n_extra_nodes;
+ settings->n_extra_nodes = 0;
return 0;
}
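Review bot: The added `settings->n_extra_nodes = 0;` deserves a short comment, because its reason is only visible in another file. After `TAKE_PTR()` the pointer left in `settings` is NULL, and device_node_array_free() in nspawn-settings.c now asserts `nodes || n == 0`, so a stale count would trip that assertion if the settings object is later freed through it. Something like `/* ownership moved to arg_extra_nodes; keep the count consistent with the now-NULL pointer */` makes the pairing explicit. merge_settings starts outside the hunk, so any other pointer/count pairs it moves out of `settings` are not visible here and should be checked for the same reset.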