validate: add mount type check

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>

Author: Ma Shimiao

completions/bash/ocitools

@@ -253,7 +253,7 @@ _ocitools_validate() {
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "--hooks --path --help" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--hooks --host-specific --path --help" -- "$cur" ) )
 			;;
 	esac
 

man/ocitools-validate.1.md

@@ -21,6 +21,9 @@ Validate an OCI bundle
 **--hooks**
   Check specified hooks exist and are executable on the host.
 
+**--host-specific**
+  Check host specified configs.
+
 # SEE ALSO
 **ocitools**(1)
 

validate.go

@@ -1,13 +1,15 @@
 package main
 
 import (
+	"bufio"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
 	"reflect"
+	"runtime"
 	"strings"
 	"unicode"
 	"unicode/utf8"
@@ -21,6 +23,7 @@ import (
 var bundleValidateFlags = []cli.Flag{
 	cli.StringFlag{Name: "path", Value: ".", Usage: "path to a bundle"},
 	cli.BoolFlag{Name: "hooks", Usage: "Check specified hooks exist and are executable on the host."},
+	cli.BoolFlag{Name: "hook-specific", Usage: "Check host specified configs."},
 }
 
 var (
@@ -80,17 +83,21 @@ var bundleValidateCommand = cli.Command{
 		}
 
 		hooksCheck := context.Bool("hooks")
-		bundleValidate(spec, rootfsPath, hooksCheck)
+		hostCheck := context.Bool("host-specific")
+		bundleValidate(spec, rootfsPath, hooksCheck, hostCheck)
 		logrus.Infof("Bundle validation succeeded.")
 		return nil
 	},
 }
 
-func bundleValidate(spec rspec.Spec, rootfs string, hooksCheck bool) {
+func bundleValidate(spec rspec.Spec, rootfs string, hooksCheck bool, hostCheck bool) {
 	checkMandatoryField(spec)
 	checkSemVer(spec.Version)
 	checkPlatform(spec.Platform)
 	checkProcess(spec.Process, rootfs)
+	if hostCheck && spec.Platform.OS == "linux" && runtime.GOOS == "linux" {
+		checkMounts(spec.Mounts)
+	}
 	checkLinux(spec)
 	checkHooks(spec.Hooks, hooksCheck)
 }
@@ -192,6 +199,47 @@ func checkProcess(process rspec.Process, rootfs string) {
 	}
 }
 
+func supportedMountTypes() (map[string]bool, error) {
+	supportedTypes := make(map[string]bool)
+	f, err := os.Open("/proc/filesystems")
+	if err != nil {
+		return supportedTypes, err
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			return supportedTypes, err
+		}
+
+		text := s.Text()
+		parts := strings.Split(text, "\t")
+		if len(parts) > 1 {
+			supportedTypes[parts[1]] = true
+		} else {
+			supportedTypes[parts[0]] = true
+		}
+	}
+
+	supportedTypes["bind"] = true
+
+	return supportedTypes, nil
+}
+
+func checkMounts(mounts []rspec.Mount) {
+	supportedTypes, err := supportedMountTypes()
+	if err != nil {
+		logrus.Fatal(err)
+	}
+
+	for _, mount := range mounts {
+		if !supportedTypes[mount.Type] {
+			logrus.Fatalf("Unsupported mount type %q", mount.Type)
+		}
+	}
+}
+
 //Linux only
 func checkLinux(spec rspec.Spec) {
 	utsExists := false