opencontainers · mrunalp · Jan 21, 2016 · Jan 21, 2016
@@ -89,7 +89,7 @@ func validateProcess(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec) error
 
 	args := strings.Split(string(bytes.Trim(cmdlineBytes, "\x00")), " ")
 	if len(args) != len(spec.Process.Args) {
-		return fmt.Errorf("Process arguments expected: %v, actual: %v")
+		return fmt.Errorf("Process arguments expected: %v, actual: %v", len(spec.Process.Args), len(args))
 	}
 	for i, a := range args {
 		if a != spec.Process.Args[i] {
@@ -103,7 +103,7 @@ func validateProcess(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec) error
 		expectedValue := parts[1]
 		actualValue := os.Getenv(key)
 		if actualValue != expectedValue {
-			return fmt.Errorf("Env %v expected: %v, actual: %v", expectedValue, actualValue)
+			return fmt.Errorf("Env %v expected: %v, actual: %v", key, expectedValue, actualValue)
 		}
 	}
 
@@ -144,9 +144,8 @@ func validateCapabilities(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec)
 		if expectedSet != actuallySet {
 			if expectedSet {
 				return fmt.Errorf("Expected Capability %v not set for process", cap.String())
-			} else {
-				return fmt.Errorf("Unexpected Capability %v set for process", cap.String())
-			}
+			} 
+			return fmt.Errorf("Unexpected Capability %v set for process", cap.String())
 		}
 	}
 
@@ -179,10 +178,10 @@ func validateRlimits(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec) error
 		}
 
 		if rlimit.Cur != r.Soft {
-			return fmt.Errorf("%v rlimit soft expected: %v, actual: %v", r.Soft, rlimit.Cur)
+			return fmt.Errorf("%v rlimit soft expected: %v, actual: %v", r.Type, r.Soft, rlimit.Cur)
 		}
 		if rlimit.Max != r.Hard {
-			return fmt.Errorf("%v rlimit hard expected: %v, actual: %v", r.Hard, rlimit.Max)
+			return fmt.Errorf("%v rlimit hard expected: %v, actual: %v", r.Type, r.Hard, rlimit.Max)
 		}
 	}
 	return nil

@@ -2,42 +2,43 @@ package main
 
 import "fmt"
 
+// These values map to rlimit constants defined in linux
 const (
-	RLIMIT_CPU        = iota // CPU time in sec
-	RLIMIT_FSIZE             // Maximum filesize
-	RLIMIT_DATA              // max data size
-	RLIMIT_STACK             // max stack size
-	RLIMIT_CORE              // max core file size
-	RLIMIT_RSS               // max resident set size
-	RLIMIT_NPROC             // max number of processes
-	RLIMIT_NOFILE            // max number of open files
-	RLIMIT_MEMLOCK           // max locked-in-memory address space
-	RLIMIT_AS                // address space limit
-	RLIMIT_LOCKS             // maximum file locks held
-	RLIMIT_SIGPENDING        // max number of pending signals
-	RLIMIT_MSGQUEUE          // maximum bytes in POSIX mqueues
-	RLIMIT_NICE              // max nice prio allowed to raise to
-	RLIMIT_RTPRIO            // maximum realtime priority
-	RLIMIT_RTTIME            // timeout for RT tasks in us
+	RlimitCPU        = iota // CPU time in sec
+	RlimitFsize             // Maximum filesize
+	RlimitData              // max data size
+	RlimitStack             // max stack size
+	RlimitCore              // max core file size
+	RlimitRss               // max resident set size
+	RlimitNproc             // max number of processes
+	RlimitNofile            // max number of open files
+	RlimitMemlock           // max locked-in-memory address space
+	RlimitAs                // address space limit
+	RlimitLocks             // maximum file locks held
+	RlimitSigpending        // max number of pending signals
+	RlimitMsgqueue          // maximum bytes in POSIX mqueues
+	RlimitNice              // max nice prio allowed to raise to
+	RlimitRtprio            // maximum realtime priority
+	RlimitRttime            // timeout for RT tasks in us
 )
 
 var rlimitMap = map[string]int{
-	"RLIMIT_CPU":       RLIMIT_CPU,
-	"RLIMIT_FSIZE":     RLIMIT_FSIZE,
-	"RLIMIT_DATA":      RLIMIT_DATA,
-	"RLIMIT_STACK":     RLIMIT_STACK,
-	"RLIMIT_CORE":      RLIMIT_CORE,
-	"RLIMIT_RSS":       RLIMIT_RSS,
-	"RLIMIT_NPROC":     RLIMIT_NPROC,
-	"RLIMIT_NOFILE":    RLIMIT_NOFILE,
-	"RLIMIT_MEMLOCK":   RLIMIT_MEMLOCK,
-	"RLIMIT_AS":        RLIMIT_AS,
-	"RLIMIT_LOCKS":     RLIMIT_LOCKS,
-	"RLIMIT_SGPENDING": RLIMIT_SIGPENDING,
-	"RLIMIT_MSGQUEUE":  RLIMIT_MSGQUEUE,
-	"RLIMIT_NICE":      RLIMIT_NICE,
-	"RLIMIT_RTPRIO":    RLIMIT_RTPRIO,
-	"RLIMIT_RTTIME":    RLIMIT_RTTIME,
+	"RLIMIT_CPU":       RlimitCPU,
+	"RLIMIT_FSIZE":     RlimitFsize,
+	"RLIMIT_DATA":      RlimitData,
+	"RLIMIT_STACK":     RlimitStack,
+	"RLIMIT_CORE":      RlimitCore,
+	"RLIMIT_RSS":       RlimitRss,
+	"RLIMIT_NPROC":     RlimitNproc,
+	"RLIMIT_NOFILE":    RlimitNofile,
+	"RLIMIT_MEMLOCK":   RlimitMemlock,
+	"RLIMIT_AS":        RlimitAs,
+	"RLIMIT_LOCKS":     RlimitLocks,
+	"RLIMIT_SGPENDING": RlimitSigpending,
+	"RLIMIT_MSGQUEUE":  RlimitMsgqueue,
+	"RLIMIT_NICE":      RlimitNice,
+	"RLIMIT_RTPRIO":    RlimitRtprio,
+	"RLIMIT_RTTIME":    RlimitRttime,
 }
 
 func strToRlimit(key string) (int, error) {

@@ -129,11 +129,11 @@ func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.C
 	groups := context.StringSlice("groups")
 	if groups != nil {
 		for _, g := range groups {
-			groupId, err := strconv.Atoi(g)
+			groupID, err := strconv.Atoi(g)
 			if err != nil {
 				return err
 			}
-			spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, uint32(groupId))
+			spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, uint32(groupID))
 		}
 	}
 
@@ -261,15 +261,24 @@ func addSeccompSyscall(rspec *specs.LinuxRuntimeSpec, sSyscall []string) error {
 								"SCMP_CMP_GT|SCMP_CMP_MASKED_EQ")
 						}
 						op := specs.Operator(args[3])
-						Arg := specs.Arg{uint(index), uint64(value), uint64(value2), op}
+						Arg := specs.Arg{
+							Index:    uint(index),
+							Value:    uint64(value),
+							ValueTwo: uint64(value2),
+							Op:       op,
+						}
 						Args = append(Args, &Arg)
 					} else {
 						return fmt.Errorf("seccomp-sysctl args error: %s", argsstru)
 					}
 				}
 			}
 
-			syscallstruct := specs.Syscall{name, action, Args}
+			syscallstruct := specs.Syscall{
+				Name:   name,
+				Action: action,
+				Args:   Args,
+			}
 			rspec.Linux.Seccomp.Syscalls = append(rspec.Linux.Seccomp.Syscalls, &syscallstruct)
 		} else {
 			return fmt.Errorf("seccomp sysctl must consist of 3 parameters")
@@ -333,7 +342,12 @@ func parseArgs(args2parse string) ([]*specs.Arg, error) {
 				return nil, fmt.Errorf("seccomp-sysctl args must be empty or one of SCMP_CMP_NE|SCMP_CMP_LT|SCMP_CMP_LE|SCMP_CMP_EQ|SCMP_CMP_GE|SCMP_CMP_GT|SCMP_CMP_MASKED_EQ")
 			}
 			op := specs.Operator(args[3])
-			Arg := specs.Arg{uint(index), uint64(value), uint64(value2), op}
+			Arg := specs.Arg{
+				Index:    uint(index),
+				Value:    uint64(value),
+				ValueTwo: uint64(value2),
+				Op:       op,
+			}
 			Args = append(Args, &Arg)
 		} else {
 			return nil, fmt.Errorf("seccomp-sysctl args error: %s", argstr)
@@ -352,7 +366,11 @@ func addIDMappings(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context
 			if err != nil {
 				return err
 			}
-			uidmapping := specs.IDMapping{uint32(hid), uint32(cid), uint32(size)}
+			uidmapping := specs.IDMapping{
+				HostID:      uint32(hid),
+				ContainerID: uint32(cid),
+				Size:        uint32(size),
+			}
 			rspec.Linux.UIDMappings = append(rspec.Linux.UIDMappings, uidmapping)
 		} else {
 			return fmt.Errorf("uidmappings error: %s", uidms)
@@ -368,7 +386,11 @@ func addIDMappings(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context
 			if err != nil {
 				return err
 			}
-			gidmapping := specs.IDMapping{uint32(hid), uint32(cid), uint32(size)}
+			gidmapping := specs.IDMapping{
+				HostID:      uint32(hid),
+				ContainerID: uint32(cid),
+				Size:        uint32(size),
+			}
 			rspec.Linux.GIDMappings = append(rspec.Linux.GIDMappings, gidmapping)
 		} else {
 			return fmt.Errorf("gidmappings error: %s", gidms)