validate: Code optimization

Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>

Author: zhouhao

specerror/config-linux.go

@@ -10,14 +10,31 @@ import (
 const (
 	// DefaultFilesystems represents "The following filesystems SHOULD be made available in each container's filesystem:"
 	DefaultFilesystems = "The following filesystems SHOULD be made available in each container's filesystem:"
+	NamespacesType     = "The following namespace types are supported:"
+	NamespacesPathAbs  = "This value MUST be an absolute path in the runtime mount namespace."
+	MaskedPathsAbs     = "Mask over the provided paths inside the container. The values MUST be absolute paths in the container namespace."
+	ReadonlyPathsAbs   = "Set the provided paths as readonly inside the container. The values MUST be absolute paths in the container namespace."
 )
 
 var (
 	defaultFilesystemsRef = func(version string) (reference string, err error) {
 		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#default-filesystems"), nil
 	}
+	namespacesRef = func(version string) (reference string, err error) {
+		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#namespaces"), nil
+	}
+	maskedPathsRef = func(version string) (reference string, err error) {
+		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#masked-paths"), nil
+	}
+	readonlyPathsRef = func(version string) (reference string, err error) {
+		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#readonly-paths"), nil
+	}
 )
 
 func init() {
 	register(DefaultFilesystems, rfc2119.Should, defaultFilesystemsRef)
+	register(NamespacesType, rfc2119.Should, namespacesRef)
+	register(NamespacesPathAbs, rfc2119.Must, namespacesRef)
+	register(MaskedPathsAbs, rfc2119.Must, maskedPathsRef)
+	register(ReadonlyPathsAbs, rfc2119.Must, readonlyPathsRef)
 }

validate/validate.go

@@ -560,8 +560,8 @@ func (v *Validator) CheckLinux() (errs error) {
 
 	for index := 0; index < len(v.spec.Linux.Namespaces); index++ {
 		ns := v.spec.Linux.Namespaces[index]
-		if !v.namespaceValid(ns) {
-			errs = multierror.Append(errs, fmt.Errorf("namespace %v is invalid", ns))
+		if err := v.namespaceValid(ns); err != nil {
+			errs = multierror.Append(errs, err)
 		}
 
 		tmpItem := nsTypeList[ns.Type]
@@ -701,13 +701,15 @@ func (v *Validator) CheckLinux() (errs error) {
 
 	for _, maskedPath := range v.spec.Linux.MaskedPaths {
 		if !strings.HasPrefix(maskedPath, "/") {
-			errs = multierror.Append(errs, fmt.Errorf("maskedPath %v is not an absolute path", maskedPath))
+			errs = multierror.Append(errs,
+				specerror.NewError(specerror.MaskedPathsAbs, fmt.Errorf("maskedPath %v is not an absolute path", maskedPath), rspec.Version))
 		}
 	}
 
 	for _, readonlyPath := range v.spec.Linux.ReadonlyPaths {
 		if !strings.HasPrefix(readonlyPath, "/") {
-			errs = multierror.Append(errs, fmt.Errorf("readonlyPath %v is not an absolute path", readonlyPath))
+			errs = multierror.Append(errs,
+				specerror.NewError(specerror.ReadonlyPathsAbs, fmt.Errorf("readonlyPath %v is not an absolute path", readonlyPath), rspec.Version))
 		}
 	}
 
@@ -885,7 +887,7 @@ func (v *Validator) rlimitValid(rlimit rspec.POSIXRlimit) (errs error) {
 	return
 }
 
-func (v *Validator) namespaceValid(ns rspec.LinuxNamespace) bool {
+func (v *Validator) namespaceValid(ns rspec.LinuxNamespace) error {
 	switch ns.Type {
 	case rspec.PIDNamespace:
 	case rspec.NetworkNamespace:
@@ -895,14 +897,14 @@ func (v *Validator) namespaceValid(ns rspec.LinuxNamespace) bool {
 	case rspec.UserNamespace:
 	case rspec.CgroupNamespace:
 	default:
-		return false
+		return specerror.NewError(specerror.NamespacesType, fmt.Errorf("namespace type %s may not be valid", ns.Type), rspec.Version)
 	}
 
 	if ns.Path != "" && !osFilepath.IsAbs(v.platform, ns.Path) {
-		return false
+		return specerror.NewError(specerror.NamespacesPathAbs, fmt.Errorf("path %v of namespace %v is not absolute path", ns.Path, ns), rspec.Version)
 	}
 
-	return true
+	return nil
 }
 
 func deviceValid(d rspec.LinuxDevice) bool {