From 60159f9737890b09bfeb69c1f47b6de1cd55ceeb Mon Sep 17 00:00:00 2001
From: Rohit Jnagal <jnagal@google.com>
Date: Fri, 25 Apr 2014 00:17:45 +0000
Subject: [PATCH] Fix container.json sample to be loadable by nsinit.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
---
 libcontainer/README.md         | 40 +++++++++++------------
 libcontainer/container.json    | 43 ++++++++++++------------
 libcontainer/container_test.go | 60 ++++++++++++++++++++++++++++++++++
 3 files changed, 102 insertions(+), 41 deletions(-)
 create mode 100644 libcontainer/container_test.go

diff --git a/libcontainer/README.md b/libcontainer/README.md
index d6d0fba..224465c 100644
--- a/libcontainer/README.md
+++ b/libcontainer/README.md
@@ -41,21 +41,21 @@ Sample `container.json` file:
       "TERM=xterm"
    ],
    "capabilities_mask" : [
-      "SETPCAP",
-      "SYS_MODULE",
-      "SYS_RAWIO",
-      "SYS_PACCT",
-      "SYS_ADMIN",
-      "SYS_NICE",
-      "SYS_RESOURCE",
-      "SYS_TIME",
-      "SYS_TTY_CONFIG",
-      "MKNOD",
-      "AUDIT_WRITE",
-      "AUDIT_CONTROL",
-      "MAC_OVERRIDE",
-      "MAC_ADMIN",
-      "NET_ADMIN"
+      { "key": "SETPCAP" },
+      { "key": "SYS_MODULE" },
+      { "key": "SYS_RAWIO" },
+      { "key": "SYS_PACCT" },
+      { "key": "SYS_ADMIN" },
+      { "key": "SYS_NICE" },
+      { "key": "SYS_RESOURCE" },
+      { "key": "SYS_TIME" },
+      { "key": "SYS_TTY_CONFIG" },
+      { "key": "MKNOD" },
+      { "key": "AUDIT_WRITE" },
+      { "key": "AUDIT_CONTROL" },
+      { "key": "MAC_OVERRIDE" },
+      { "key": "MAC_ADMIN" },
+      { "key": "NET_ADMIN" }
    ],
    "context" : {
       "apparmor_profile" : "docker-default"
@@ -81,11 +81,11 @@ Sample `container.json` file:
       }
    ],
    "namespaces" : [
-      "NEWNS",
-      "NEWUTS",
-      "NEWIPC",
-      "NEWPID",
-      "NEWNET"
+      { "key": "NEWNS" },
+      { "key": "NEWUTS" },
+      { "key": "NEWIPC" },
+      { "key": "NEWPID" },
+      { "key": "NEWNET" }
    ]
 }
 ```
diff --git a/libcontainer/container.json b/libcontainer/container.json
index f045315..b0465d4 100644
--- a/libcontainer/container.json
+++ b/libcontainer/container.json
@@ -8,28 +8,28 @@
         "TERM=xterm-256color"
     ],
     "namespaces": [
-        "NEWIPC",
-        "NEWNS",
-        "NEWPID",
-        "NEWUTS",
-        "NEWNET"
+    	{ "key": "NEWIPC" },
+    	{ "key": "NEWNS"  },
+    	{ "key": "NEWPID" },
+    	{ "key": "NEWUTS" },
+    	{ "key": "NEWNET" }
     ],
     "capabilities_mask": [
-        "SETPCAP",
-        "SYS_MODULE",
-        "SYS_RAWIO",
-        "SYS_PACCT",
-        "SYS_ADMIN",
-        "SYS_NICE",
-        "SYS_RESOURCE",
-        "SYS_TIME",
-        "SYS_TTY_CONFIG",
-        "MKNOD",
-        "AUDIT_WRITE",
-        "AUDIT_CONTROL",
-        "MAC_OVERRIDE",
-        "MAC_ADMIN",
-        "NET_ADMIN"
+    	{ "key": "SETPCAP" },
+    	{ "key": "SYS_MODULE" },
+	{ "key": "SYS_RAWIO" },
+	{ "key": "SYS_PACCT" },
+	{ "key": "SYS_ADMIN" },
+	{ "key": "SYS_NICE" },
+	{ "key": "SYS_RESOURCE" },
+	{ "key": "SYS_TIME" },
+	{ "key": "SYS_TTY_CONFIG" },
+	{ "key": "MKNOD" },
+	{ "key": "AUDIT_WRITE" },
+	{ "key": "AUDIT_CONTROL" },
+	{ "key": "MAC_OVERRIDE" },
+	{ "key": "MAC_ADMIN" },
+	{ "key": "NET_ADMIN" }
     ],
     "networks": [{
             "type": "veth",
@@ -45,6 +45,7 @@
     "cgroups": {
         "name": "docker-koye",
         "parent": "docker",
-        "memory": 5248000
+        "memory": 5248000,
+	"cpu_shares": 1024
     }
 }
diff --git a/libcontainer/container_test.go b/libcontainer/container_test.go
new file mode 100644
index 0000000..06e7979
--- /dev/null
+++ b/libcontainer/container_test.go
@@ -0,0 +1,60 @@
+package libcontainer
+
+import (
+	"encoding/json"
+	"os"
+	"testing"
+)
+
+func TestContainerJsonFormat(t *testing.T) {
+	f, err := os.Open("container.json")
+	if err != nil {
+		t.Fatal("Unable to open container.json")
+	}
+	defer f.Close()
+
+	var container *Container
+	if err := json.NewDecoder(f).Decode(&container); err != nil {
+		t.Log("failed to decode container config")
+		t.FailNow()
+	}
+	if container.Hostname != "koye" {
+		t.Log("hostname is not set")
+		t.Fail()
+	}
+
+	if !container.Tty {
+		t.Log("tty should be set to true")
+		t.Fail()
+	}
+
+	if !container.Namespaces.Contains("NEWNET") {
+		t.Log("namespaces should contain NEWNET")
+		t.Fail()
+	}
+
+	if container.Namespaces.Contains("NEWUSER") {
+		t.Log("namespaces should not contain NEWUSER")
+		t.Fail()
+	}
+
+	if !container.CapabilitiesMask.Contains("SYS_ADMIN") {
+		t.Log("capabilities should contain SYS_ADMIN")
+		t.Fail()
+	}
+
+	if container.CapabilitiesMask.Contains("SYS_CHROOT") {
+		t.Log("capabitlies should not contain SYS_CHROOT")
+		t.Fail()
+	}
+
+	if container.Cgroups.CpuShares != 1024 {
+		t.Log("cpu shares not set correctly")
+		t.Fail()
+	}
+
+	if container.Cgroups.Memory != 5248000 {
+		t.Log("memory limit not set correctly")
+		t.Fail()
+	}
+}