validate: add sysctl check

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>

Author: Ma Shimiao

validate.go

@@ -195,6 +195,8 @@ func checkProcess(process rspec.Process, rootfs string) {
 //Linux only
 func checkLinux(spec rspec.Spec) {
 	utsExists := false
+	ipcExists := false
+	netExists := false
 
 	if len(spec.Linux.UIDMappings) > 5 {
 		logrus.Fatalf("Only 5 UID mappings are allowed (linux kernel restriction).")
@@ -208,6 +210,19 @@ func checkLinux(spec rspec.Spec) {
 			logrus.Fatalf("namespace %v is invalid.", spec.Linux.Namespaces[index])
 		} else if spec.Linux.Namespaces[index].Type == rspec.UTSNamespace {
 			utsExists = true
+		} else if spec.Linux.Namespaces[index].Type == rspec.IPCNamespace {
+			ipcExists = true
+		} else if spec.Linux.Namespaces[index].Type == rspec.NetworkNamespace {
+			netExists = true
+		}
+	}
+
+	for k, v := range spec.Linux.Sysctl {
+		if strings.HasPrefix(k, "net.") && !netExists {
+			logrus.Fatalf("Sysctl %v requires a new Network namespace to be specified as well", k)
+		}
+		if strings.HasPrefix(k, "fs.mqueue.") && !ipcExists {
+			logrus.Fatalf("Sysctl %v requires a new IPC namespace to be specified as well", k)
 		}
 	}