go-units icon indicating copy to clipboard operation
go-units copied to clipboard

Published 20 hours ago verified publisher icon docker

Should verify that the max value is not too big

Open rhatdan opened this issue 5 years ago • 11 comments
trafficstars

When parsing the ulimit, we should check if the ulimit max value is greater then the processes max value. If yes then we should return an error.

Signed-off-by: Daniel J Walsh [email protected]

rhatdan avatar Apr 27 '20 19:04 rhatdan

@vrothberg FYI

rhatdan avatar Apr 27 '20 19:04 rhatdan

@AkihiroSuda @vdemeester @thaJeztah PTAL

vrothberg avatar Apr 28 '20 05:04 vrothberg

There's been some discussion around validation in the "go" code versus delegating to the kernel itself; does Linux return an error in this case, or is it silently ignored?

thaJeztah avatar Apr 28 '20 09:04 thaJeztah

Sure, the reason I wanted to do this hear was to avoid duplicating the data. Perhaps if we add a different function.

rhatdan avatar Apr 28 '20 17:04 rhatdan

@thaJeztah Revamped this work, (Going through some old PR's) Now just added a verify function that will check against kernel. The problem is these values are just handed to different OCIs, and they can give you some useless information back to the user.

This should make it easier to diagnose the error, with a better error message.

rhatdan avatar Aug 04 '20 10:08 rhatdan

@thaJeztah Decided to not wait 4 months again to update...

rhatdan avatar Aug 04 '20 20:08 rhatdan

@thaJeztah seems this issue was addressed -- the test case now gets the max value from the kernel.

Ah, forgot about this one.

I'm still a bit on the fence if querying what the kernel supports, and validating against that is within scope of this module and/or if it should be more of a concern of the code using this module (so far the module was used to only parse values, and to validate a correct format, but no other assumptions) 🤔.

What are your thoughts on that, @kolyshkin ?

thaJeztah avatar May 17 '22 10:05 thaJeztah

Two year old PR, that I totally forgot about. :^(

rhatdan avatar May 17 '22 19:05 rhatdan

I'm on the verge about it. True, this package is only about parsing, it does not talk to the kernel in any way etc.

OTOH this package knows about ulimit, which is a UNIX concept, and adding Verify method is super easy here, and is not that easy in the other package (since the implementation uses a map which is internal to this package).

Overall I think this should go in, with the only change that Verify should not be specific to Linux -- looks like any unix (including *bsd and darwin) should support it. Perhaps even !windows (need to take a look at whatever x/sys/unix implements).

kolyshkin avatar May 18 '22 01:05 kolyshkin

Another thing is, this raises the bar to how this should be tested -- at least we now need to compile this for various GOOS/GOARCH combinations.

kolyshkin avatar May 18 '22 02:05 kolyshkin

Yes it's a bit of a tough one; I can definitely see the convenience of having the Validate(). Mostly concerned if it would be widening the scope too much (in addition to the dependency graph).

thaJeztah avatar May 18 '22 12:05 thaJeztah