Merge pull request #494 from q384566678/runtimetest-nil-fix

fix nil deference
opencontainers · Oct 17, 2017 · b0e8214 · b0e8214
2 parents e2707b1 + 19b061c
commit b0e8214
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 33 deletions.
diff --git a/cmd/runtimetest/main.go b/cmd/runtimetest/main.go
@@ -105,6 +105,10 @@ func validateGeneralProcess(spec *rspec.Spec) error {
 }
 
 func validateLinuxProcess(spec *rspec.Spec) error {
+	if spec.Process == nil {
+		return nil
+	}
+
 	validateGeneralProcess(spec)
 
 	uid := os.Getuid()
@@ -162,6 +166,10 @@ func validateLinuxProcess(spec *rspec.Spec) error {
 }
 
 func validateCapabilities(spec *rspec.Spec) error {
+	if spec.Process == nil || spec.Process.Capabilities == nil {
+		return nil
+	}
+
 	last := capability.CAP_LAST_CAP
 	// workaround for RHEL6 which has no /proc/sys/kernel/cap_last_cap
 	if last == capability.Cap(63) {
@@ -178,22 +186,20 @@ func validateCapabilities(spec *rspec.Spec) error {
 	expectedCaps3 := make(map[string]bool)
 	expectedCaps4 := make(map[string]bool)
 	expectedCaps5 := make(map[string]bool)
-	if spec.Process.Capabilities != nil {
-		for _, ec := range spec.Process.Capabilities.Bounding {
-			expectedCaps1[ec] = true
-		}
-		for _, ec := range spec.Process.Capabilities.Effective {
-			expectedCaps2[ec] = true
-		}
-		for _, ec := range spec.Process.Capabilities.Inheritable {
-			expectedCaps3[ec] = true
-		}
-		for _, ec := range spec.Process.Capabilities.Permitted {
-			expectedCaps4[ec] = true
-		}
-		for _, ec := range spec.Process.Capabilities.Ambient {
-			expectedCaps5[ec] = true
-		}
+	for _, ec := range spec.Process.Capabilities.Bounding {
+		expectedCaps1[ec] = true
+	}
+	for _, ec := range spec.Process.Capabilities.Effective {
+		expectedCaps2[ec] = true
+	}
+	for _, ec := range spec.Process.Capabilities.Inheritable {
+		expectedCaps3[ec] = true
+	}
+	for _, ec := range spec.Process.Capabilities.Permitted {
+		expectedCaps4[ec] = true
+	}
+	for _, ec := range spec.Process.Capabilities.Ambient {
+		expectedCaps5[ec] = true
 	}
 
 	for _, cap := range capability.List() {
@@ -259,6 +265,10 @@ func validateHostname(spec *rspec.Spec) error {
 }
 
 func validateRlimits(spec *rspec.Spec) error {
+	if spec.Process == nil {
+		return nil
+	}
+
 	for _, r := range spec.Process.Rlimits {
 		rl, err := strToRlimit(r.Type)
 		if err != nil {
@@ -311,6 +321,10 @@ func testWriteAccess(path string) error {
 }
 
 func validateRootFS(spec *rspec.Spec) error {
+	if spec.Root == nil {
+		return nil
+	}
+
 	if spec.Root.Readonly {
 		err := testWriteAccess("/")
 		if err == nil {
@@ -422,6 +436,10 @@ func validateDefaultSymlinks(spec *rspec.Spec) error {
 }
 
 func validateDefaultDevices(spec *rspec.Spec) error {
+	if spec.Process == nil {
+		return nil
+	}
+
 	if spec.Process.Terminal {
 		defaultDevices = append(defaultDevices, "/dev/console")
 	}

diff --git a/generate/generate.go b/generate/generate.go
@@ -398,7 +398,7 @@ func (g *Generator) SetProcessArgs(args []string) {
 
 // ClearProcessEnv clears g.spec.Process.Env.
 func (g *Generator) ClearProcessEnv() {
-	if g.spec == nil {
+	if g.spec == nil || g.spec.Process == nil {
 		return
 	}
 	g.spec.Process.Env = []string{}
@@ -440,7 +440,7 @@ func (g *Generator) AddProcessRlimits(rType string, rHard uint64, rSoft uint64)
 
 // RemoveProcessRlimits removes a rlimit from g.spec.Process.Rlimits.
 func (g *Generator) RemoveProcessRlimits(rType string) error {
-	if g.spec == nil {
+	if g.spec == nil || g.spec.Process == nil {
 		return nil
 	}
 	for i, rlimit := range g.spec.Process.Rlimits {
@@ -454,15 +454,15 @@ func (g *Generator) RemoveProcessRlimits(rType string) error {
 
 // ClearProcessRlimits clear g.spec.Process.Rlimits.
 func (g *Generator) ClearProcessRlimits() {
-	if g.spec == nil {
+	if g.spec == nil || g.spec.Process == nil {
 		return
 	}
 	g.spec.Process.Rlimits = []rspec.POSIXRlimit{}
 }
 
 // ClearProcessAdditionalGids clear g.spec.Process.AdditionalGids.
 func (g *Generator) ClearProcessAdditionalGids() {
-	if g.spec == nil {
+	if g.spec == nil || g.spec.Process == nil {
 		return
 	}
 	g.spec.Process.User.AdditionalGids = []uint32{}
@@ -737,10 +737,7 @@ func (g *Generator) SetLinuxRootPropagation(rp string) error {
 
 // ClearPreStartHooks clear g.spec.Hooks.Prestart.
 func (g *Generator) ClearPreStartHooks() {
-	if g.spec == nil {
-		return
-	}
-	if g.spec.Hooks == nil {
+	if g.spec == nil || g.spec.Hooks == nil {
 		return
 	}
 	g.spec.Hooks.Prestart = []rspec.Hook{}
@@ -787,10 +784,7 @@ func (g *Generator) AddPreStartHookTimeout(path string, timeout int) {
 
 // ClearPostStopHooks clear g.spec.Hooks.Poststop.
 func (g *Generator) ClearPostStopHooks() {
-	if g.spec == nil {
-		return
-	}
-	if g.spec.Hooks == nil {
+	if g.spec == nil || g.spec.Hooks == nil {
 		return
 	}
 	g.spec.Hooks.Poststop = []rspec.Hook{}
@@ -837,10 +831,7 @@ func (g *Generator) AddPostStopHookTimeout(path string, timeout int) {
 
 // ClearPostStartHooks clear g.spec.Hooks.Poststart.
 func (g *Generator) ClearPostStartHooks() {
-	if g.spec == nil {
-		return
-	}
-	if g.spec.Hooks == nil {
+	if g.spec == nil || g.spec.Hooks == nil {
 		return
 	}
 	g.spec.Hooks.Poststart = []rspec.Hook{}
@@ -976,7 +967,7 @@ func (g *Generator) SetupPrivileged(privileged bool) {
 
 // ClearProcessCapabilities clear g.spec.Process.Capabilities.
 func (g *Generator) ClearProcessCapabilities() {
-	if g.spec == nil {
+	if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil {
 		return
 	}
 	g.spec.Process.Capabilities.Bounding = []string{}