Validate uids and gids for securitycontext

2025-10-08 14:29:45 +00:00 · 2015-11-20 10:42:02 +08:00
parent 66d3cbf889
commit 27934da9cc
4 changed files with 144 additions and 0 deletions
--- a/pkg/util/validation/validation.go
+++ b/pkg/util/validation/validation.go
@@ -17,6 +17,7 @@ limitations under the License.
 package validation

 import (
+	"math"
 	"net"
 	"regexp"
 	"strings"
@@ -105,6 +106,25 @@ func IsValidPortNum(port int) bool {
 	return 0 < port && port < 65536
 }

+// Now in libcontainer UID/GID limits is 0 ~ 1<<31 - 1
+// TODO: once we have a type for UID/GID we should make these that type.
+const (
+	minUserID  = 0
+	maxUserID  = math.MaxInt32
+	minGroupID = 0
+	maxGroupID = math.MaxInt32
+)
+
+// IsValidGroupId tests that the argument is a valid gids.
+func IsValidGroupId(gid int64) bool {
+	return minGroupID <= gid && gid <= maxGroupID
+}
+
+// IsValidUserId tests that the argument is a valid uids.
+func IsValidUserId(uid int64) bool {
+	return minUserID <= uid && uid <= maxUserID
+}
+
 const doubleHyphensFmt string = ".*(--).*"

 var doubleHyphensRegexp = regexp.MustCompile("^" + doubleHyphensFmt + "$")