diff options
| author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-06-09 12:31:28 +0100 |
|---|---|---|
| committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-06-09 12:31:28 +0100 |
| commit | 7cc1117b3fb56fc6958570f6abe893f6cbb9335c (patch) | |
| tree | f30462f583cde31154181a0b204a5aa06a362b13 | |
| parent | c30872027ca3f237b3cb4eca60b2681be62f076d (diff) | |
| download | sandboxlib-7cc1117b3fb56fc6958570f6abe893f6cbb9335c.tar.gz | |
Validate parameters using CAPABILITIES dict, instead of manually
| -rw-r--r-- | sandboxlib/linux_user_chroot.py | 15 | ||||
| -rw-r--r-- | sandboxlib/utils.py | 8 |
2 files changed, 11 insertions, 12 deletions
diff --git a/sandboxlib/linux_user_chroot.py b/sandboxlib/linux_user_chroot.py index 755e70e..4b88e50 100644 --- a/sandboxlib/linux_user_chroot.py +++ b/sandboxlib/linux_user_chroot.py @@ -117,13 +117,9 @@ def process_mount_config(mounts, extra_mounts): # linux-user-chroot always calls clone(CLONE_NEWNS) which creates a new # mount namespace. It also ensures that all mount points inside the sandbox # are private, by calling mount("/", MS_PRIVATE | MS_REC). So 'isolated' is - # the only option. - supported_values = ['undefined', 'isolated'] + # the only option for 'mounts'. - assert mounts in supported_values, \ - "'%s' is an unsupported value for 'mounts' in the " \ - "'linux-user-chroot' backend. Supported values: %s" \ - % (mounts, ', '.join(supported_values)) + sandboxlib.utils.check_parameter('mounts', mounts, CAPABILITIES['mounts']) # This is only used if there are tmpfs mounts, but it's simpler to # create it unconditionally. @@ -151,12 +147,7 @@ def process_network_config(network): # blocked'? Or does it mean 'working, with /etc/resolv.conf correctly set # up'? So that's not handled yet. - supported_values = ['undefined', 'isolated'] - - assert network in supported_values, \ - "'%s' is an unsupported value for 'network' in the " \ - "'linux-user-chroot' backend. Supported values: %s" \ - % (network, ', '.join(supported_values)) + sandboxlib.utils.check_parameter('network', network, CAPABILITIES['network']) if network == 'isolated': # This is all we need to do for network isolation diff --git a/sandboxlib/utils.py b/sandboxlib/utils.py index af5fe3e..b3ec867 100644 --- a/sandboxlib/utils.py +++ b/sandboxlib/utils.py @@ -22,6 +22,14 @@ import sys import sandboxlib +def check_parameter(name, value, supported_values): + assert value in supported_values, \ + "'%(value)s' is an unsupported value for '%(name)s' in this " \ + "backend. Supported values: %(supported_values)s".format( + name=name, value=value, + supported_values=', '.join(supported_values)) + + def find_program(program_name): search_path = os.environ.get('PATH') |