From 615585ae7e9db34dc425b485eb787f9cb020c2c5 Mon Sep 17 00:00:00 2001
From: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Date: Fri, 27 May 2016 15:20:52 +0800
Subject: [PATCH] runtimetest: add masked paths validation

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
---
 cmd/runtimetest/main.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/cmd/runtimetest/main.go b/cmd/runtimetest/main.go
index 874a027c4..45a67a36c 100644
--- a/cmd/runtimetest/main.go
+++ b/cmd/runtimetest/main.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -215,6 +216,23 @@ func validateRootFS(spec *rspec.Spec) error {
 	return nil
 }
 
+func validateMaskedPaths(spec *rspec.Spec) error {
+	fmt.Println("validating maskedPaths")
+	for _, maskedPath := range spec.Linux.MaskedPaths {
+		f, err := os.Open(maskedPath)
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+		b := make([]byte, 1)
+		_, err = f.Read(b)
+		if err != io.EOF {
+			return fmt.Errorf("%v should not be readable", maskedPath)
+		}
+	}
+	return nil
+}
+
 func main() {
 	spec, err := loadSpecConfig()
 	if err != nil {
@@ -228,6 +246,7 @@ func main() {
 		validateHostname,
 		validateRlimits,
 		validateSysctls,
+		validateMaskedPaths,
 	}
 
 	for _, v := range validations {