We use cookies to ensure you get the best experience on our website
Inicio Explorar Axuda
Rexistro Iniciar sesión
0ct0pu5
/
moby
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

exec/tests: add test for `--group-add` with `--user`

Adds test ensuring that additional groups set with `--group-add`
are kept on exec when container had `--user` set on run.

Regression test for https://github.com/moby/moby/issues/46712

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Laura Brehm hai 1 ano
pai
1b9411ef77
achega
153d7e4038
Modificáronse 2 ficheiros con 28 adicións e 0 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 21 0
      integration/container/exec_test.go
  2. 7 0
      integration/internal/container/ops.go

+ 21 - 0
integration/container/exec_test.go
Ver ficheiro 

@@ -2,6 +2,7 @@ package container // import "github.com/docker/docker/integration/container"
 
 
 import (
 
 	"io"
 
+	"strings"
 
 	"testing"
 
 	"time"
 
 
@@ -136,3 +137,23 @@ func TestExecUser(t *testing.T) {
 
 
 	assert.Assert(t, is.Contains(result.Stdout(), "uid=1(daemon) gid=1(daemon)"), "exec command not running as uid/gid 1")
 
 }
 
+
 
+// Test that additional groups set with `--group-add` are kept on exec when the container
 
+// also has a user set.
 
+// (regression test for https://github.com/moby/moby/issues/46712)
 
+func TestExecWithGroupAdd(t *testing.T) {
 
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.39"), "broken in earlier versions")
 
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows", "FIXME. Probably needs to wait for container to be in running state.")
 
+
 
+	ctx := setupTest(t)
 
+	apiClient := testEnv.APIClient()
 
+
 
+	cID := container.Run(ctx, t, apiClient, container.WithTty(true), container.WithUser("root:root"), container.WithAdditionalGroups("staff", "wheel", "audio", "777"), container.WithCmd("sleep", "5"))
 
+
 
+	result, err := container.Exec(ctx, apiClient, cID, []string{"id"})
 
+	assert.NilError(t, err)
 
+
 
+	assert.Assert(t,
 
+		is.Equal(strings.TrimSpace(result.Stdout()), "uid=0(root) gid=0(root) groups=0(root),10(wheel),29(audio),50(staff),777"),
 
+		"exec command not keeping additional groups w/ user")
 
+}

+ 7 - 0
integration/internal/container/ops.go
Ver ficheiro 

@@ -193,6 +193,13 @@ func WithUser(user string) func(c *TestContainerConfig) {
 
 	}
 
 }
 
 
+// WithAdditionalGroups sets the additional groups for the container
 
+func WithAdditionalGroups(groups ...string) func(c *TestContainerConfig) {
 
+	return func(c *TestContainerConfig) {
 
+		c.HostConfig.GroupAdd = groups
 
+	}
 
+}
 
+
 
 // WithPrivileged sets privileged mode for the container
 
 func WithPrivileged(privileged bool) func(*TestContainerConfig) {
 
 	return func(c *TestContainerConfig) {

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5