update runtime-spec version

Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>

cmd/oci-runtime-tool/generate.go

@@ -52,8 +52,8 @@ var generateFlags = []cli.Flag{
 	cli.IntFlag{Name: "linux-network-classid", Usage: "specifies class identifier tagged by container's network packets"},
 	cli.StringSliceFlag{Name: "linux-network-priorities", Usage: "specifies priorities of network traffic"},
 	cli.Int64Flag{Name: "linux-pids-limit", Usage: "maximum number of PIDs"},
-	cli.Uint64Flag{Name: "linux-realtime-period", Usage: "CPU period to be used for realtime scheduling (in usecs)"},
-	cli.Uint64Flag{Name: "linux-realtime-runtime", Usage: "the time realtime scheduling may use (in usecs)"},
+	cli.Int64Flag{Name: "linux-realtime-period", Usage: "CPU period to be used for realtime scheduling (in usecs)"},
+	cli.Int64Flag{Name: "linux-realtime-runtime", Usage: "the time realtime scheduling may use (in usecs)"},
 	cli.StringSliceFlag{Name: "masked-paths", Usage: "specifies paths can not be read inside container"},
 	cli.StringFlag{Name: "mount-cgroups", Value: "no", Usage: "mount cgroups (rw,ro,no)"},
 	cli.StringFlag{Name: "mount-label", Usage: "selinux mount context label"},
@@ -385,11 +385,11 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 	}
 
 	if context.IsSet("linux-cpu-quota") {
-		g.SetLinuxResourcesCPUQuota(context.Uint64("linux-cpu-quota"))
+		g.SetLinuxResourcesCPUQuota(context.Int64("linux-cpu-quota"))
 	}
 
 	if context.IsSet("linux-realtime-runtime") {
-		g.SetLinuxResourcesCPURealtimeRuntime(context.Uint64("linux-realtime-runtime"))
+		g.SetLinuxResourcesCPURealtimeRuntime(context.Int64("linux-realtime-runtime"))
 	}
 
 	if context.IsSet("linux-pids-limit") {
@@ -644,7 +644,7 @@ var deviceType = map[string]bool{
 
 // addDevice takes the raw string passed with the --device flag, parses it, and add it
 func addDevice(device string, g *generate.Generator) error {
-	dev := rspec.Device{}
+	dev := rspec.LinuxDevice{}
 
 	// The required part and optional part are separated by ":"
 	argsParts := strings.Split(device, ":")

cmd/runtimetest/main.go

@@ -165,9 +165,25 @@ func validateCapabilities(spec *rspec.Spec) error {
 		return err
 	}
 
-	expectedCaps := make(map[string]bool)
-	for _, ec := range spec.Process.Capabilities {
-		expectedCaps[ec] = true
+	expectedCaps1 := make(map[string]bool)
+	expectedCaps2 := make(map[string]bool)
+	expectedCaps3 := make(map[string]bool)
+	expectedCaps4 := make(map[string]bool)
+	expectedCaps5 := make(map[string]bool)
+	for _, ec := range spec.Process.Capabilities.Bounding {
+		expectedCaps1[ec] = true
+	}
+	for _, ec := range spec.Process.Capabilities.Effective {
+		expectedCaps2[ec] = true
+	}
+	for _, ec := range spec.Process.Capabilities.Inheritable {
+		expectedCaps3[ec] = true
+	}
+	for _, ec := range spec.Process.Capabilities.Permitted {
+		expectedCaps4[ec] = true
+	}
+	for _, ec := range spec.Process.Capabilities.Ambient {
+		expectedCaps5[ec] = true
 	}
 
 	for _, cap := range capability.List() {
@@ -176,8 +192,40 @@ func validateCapabilities(spec *rspec.Spec) error {
 		}
 
 		capKey := fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))
-		expectedSet := expectedCaps[capKey]
-		actuallySet := processCaps.Get(capability.EFFECTIVE, cap)
+		expectedSet := expectedCaps1[capKey]
+		actuallySet := processCaps.Get(capability.BOUNDING, cap)
+		if expectedSet != actuallySet {
+			if expectedSet {
+				return fmt.Errorf("Expected Capability %v not set for process", cap.String())
+			}
+			return fmt.Errorf("Unexpected Capability %v set for process", cap.String())
+		}
+		expectedSet = expectedCaps2[capKey]
+		actuallySet = processCaps.Get(capability.EFFECTIVE, cap)
+		if expectedSet != actuallySet {
+			if expectedSet {
+				return fmt.Errorf("Expected Capability %v not set for process", cap.String())
+			}
+			return fmt.Errorf("Unexpected Capability %v set for process", cap.String())
+		}
+		expectedSet = expectedCaps3[capKey]
+		actuallySet = processCaps.Get(capability.INHERITABLE, cap)
+		if expectedSet != actuallySet {
+			if expectedSet {
+				return fmt.Errorf("Expected Capability %v not set for process", cap.String())
+			}
+			return fmt.Errorf("Unexpected Capability %v set for process", cap.String())
+		}
+		expectedSet = expectedCaps4[capKey]
+		actuallySet = processCaps.Get(capability.PERMITTED, cap)
+		if expectedSet != actuallySet {
+			if expectedSet {
+				return fmt.Errorf("Expected Capability %v not set for process", cap.String())
+			}
+			return fmt.Errorf("Unexpected Capability %v set for process", cap.String())
+		}
+		expectedSet = expectedCaps5[capKey]
+		actuallySet = processCaps.Get(capability.AMBIENT, cap)
 		if expectedSet != actuallySet {
 			if expectedSet {
 				return fmt.Errorf("Expected Capability %v not set for process", cap.String())
@@ -423,8 +471,8 @@ func validateOOMScoreAdj(spec *rspec.Spec) error {
 	return nil
 }
 
-func getIDMappings(path string) ([]rspec.IDMapping, error) {
-	var idMaps []rspec.IDMapping
+func getIDMappings(path string) ([]rspec.LinuxIDMapping, error) {
+	var idMaps []rspec.LinuxIDMapping
 	f, err := os.Open(path)
 	if err != nil {
 		return nil, err
@@ -451,7 +499,7 @@ func getIDMappings(path string) ([]rspec.IDMapping, error) {
 			if err != nil {
 				return nil, err
 			}
-			idMaps = append(idMaps, rspec.IDMapping{HostID: uint32(hostID), ContainerID: uint32(containerID), Size: uint32(mapSize)})
+			idMaps = append(idMaps, rspec.LinuxIDMapping{HostID: uint32(hostID), ContainerID: uint32(containerID), Size: uint32(mapSize)})
 		} else {
 			return nil, fmt.Errorf("invalid format in %v", path)
 		}
@@ -460,7 +508,7 @@ func getIDMappings(path string) ([]rspec.IDMapping, error) {
 	return idMaps, nil
 }
 
-func validateIDMappings(mappings []rspec.IDMapping, path string, property string) error {
+func validateIDMappings(mappings []rspec.LinuxIDMapping, path string, property string) error {
 	idMaps, err := getIDMappings(path)
 	if err != nil {
 		return fmt.Errorf("can not get items: %v", err)