-
Notifications
You must be signed in to change notification settings - Fork 553
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
config-linux: Forbid the empty string for mountLabel #843
Closed
Closed
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dont think this has to be too restrictive. Probably something equivalent to
an empty value will not be applied / have no effectis good enough.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Runtimes don't have to validate this if they don't want. But when we are validating, I think we want to treat empty-string
mountLabels as errors for the same reasons that we treatnulls as errors in a number of places (see here and #662). Why would a config author who understood that empty strings are ignored set an empty-string value instead of leaving the property unset? I think it's much more likely that config authors explicitly setting an empty-string value actually expect it to do something, and a “that's not valid” error will help correct their misunderstanding.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So i dont think opencontainers/runtime-tools#386 that you referred to has anything to do with empty string clarification here. If we want opencontainers/runtime-tools#386 to seems correct, then we would have to include some current selinux validation code here i.e.
and i think it doesnt make sense for the spec to chase how selinux validates the options.
I dont think this is correct. IIRC we just remove null / pointers in many fields because it's replaceable in many cases with the usages of default value which is simpler to use ( in this case an empty string ).
I'm not sure if this is true, but even if it is, clarification on the default value ( empty string ) seems like a more reasonable option for me than enforcing that it always needs to have an non-empty value.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The connection is the line I linked in the initial comment.
That only makes sense if we have some reason to know that either:
a. the empty string is valid in its own right (in which case we'd probably want to patch the Go type to use
*stringand patch the validation to accept the empty string), orb. the empty string is invalid, so we can use something like opencontainers/runtime-tools#197 if we want to catch those invalid ,
"mountLabel": ""configs, and everybody else can do whatever undefined thing they want them (including treating them like configs that don't setmountLabelat all, which is what thestringGo type does).This PR goes with (b), but I'm fine going with (a) if folks feel like that's more appropriate.
I think this part of validation is #844.
There's a distinction between “the default is {whatever}”, where the runtime still does something with that default (e.g. here), and “the default is to not do anything”, where you might as well leave the property unset. We have lots of cases where leaving the property unset means “do nothing”, and I don't see the point of defining (and requiring support for) synonyms like setting an explicit
nullor empty-string value.That's more work for runtimes (now you have to handle both unset and empty-string values), although it's not much more work in Go (where using a
stringtype and the default deserializer collapse those two cases for you). And it's more work for compliance testing, which now needs to check that the runtime does the right thing for both the unset and empty-string cases. And it's an unnecessary decision for config authors, who need to figure out which of the two ways to say “don't do anything” they'd like to use. What's the upside?