|
@@ -7,6 +7,7 @@ import (
|
|
|
"fmt"
|
|
"fmt"
|
|
|
"io/ioutil"
|
|
"io/ioutil"
|
|
|
"os"
|
|
"os"
|
|
|
|
|
+ "os/exec"
|
|
|
"path/filepath"
|
|
"path/filepath"
|
|
|
"strings"
|
|
"strings"
|
|
|
"syscall"
|
|
"syscall"
|
|
@@ -222,6 +223,13 @@ func TestTarWithBlockCharFifo(t *testing.T) {
|
|
|
// TestTarUntarWithXattr is Unix as Lsetxattr is not supported on Windows
|
|
// TestTarUntarWithXattr is Unix as Lsetxattr is not supported on Windows
|
|
|
func TestTarUntarWithXattr(t *testing.T) {
|
|
func TestTarUntarWithXattr(t *testing.T) {
|
|
|
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
|
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
|
|
|
|
+ if _, err := exec.LookPath("setcap"); err != nil {
|
|
|
|
|
+ t.Skip("setcap not installed")
|
|
|
|
|
+ }
|
|
|
|
|
+ if _, err := exec.LookPath("getcap"); err != nil {
|
|
|
|
|
+ t.Skip("getcap not installed")
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
origin, err := ioutil.TempDir("", "docker-test-untar-origin")
|
|
origin, err := ioutil.TempDir("", "docker-test-untar-origin")
|
|
|
assert.NilError(t, err)
|
|
assert.NilError(t, err)
|
|
|
defer os.RemoveAll(origin)
|
|
defer os.RemoveAll(origin)
|
|
@@ -232,8 +240,9 @@ func TestTarUntarWithXattr(t *testing.T) {
|
|
|
assert.NilError(t, err)
|
|
assert.NilError(t, err)
|
|
|
err = ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
|
|
err = ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
|
|
|
assert.NilError(t, err)
|
|
assert.NilError(t, err)
|
|
|
- err = system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", []byte{0x00}, 0)
|
|
|
|
|
- assert.NilError(t, err)
|
|
|
|
|
|
|
+ // there is no known Go implementation of setcap/getcap with support for v3 file capability
|
|
|
|
|
+ out, err := exec.Command("setcap", "cap_block_suspend+ep", filepath.Join(origin, "2")).CombinedOutput()
|
|
|
|
|
+ assert.NilError(t, err, string(out))
|
|
|
|
|
|
|
|
for _, c := range []Compression{
|
|
for _, c := range []Compression{
|
|
|
Uncompressed,
|
|
Uncompressed,
|
|
@@ -251,10 +260,9 @@ func TestTarUntarWithXattr(t *testing.T) {
|
|
|
if len(changes) != 1 || changes[0].Path != "/3" {
|
|
if len(changes) != 1 || changes[0].Path != "/3" {
|
|
|
t.Fatalf("Unexpected differences after tarUntar: %v", changes)
|
|
t.Fatalf("Unexpected differences after tarUntar: %v", changes)
|
|
|
}
|
|
}
|
|
|
- capability, _ := system.Lgetxattr(filepath.Join(origin, "2"), "security.capability")
|
|
|
|
|
- if capability == nil && capability[0] != 0x00 {
|
|
|
|
|
- t.Fatalf("Untar should have kept the 'security.capability' xattr.")
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ out, err := exec.Command("getcap", filepath.Join(origin, "2")).CombinedOutput()
|
|
|
|
|
+ assert.NilError(t, err, string(out))
|
|
|
|
|
+ assert.Check(t, is.Contains(string(out), "= cap_block_suspend+ep"), "untar should have kept the 'security.capability' xattr")
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
|
Akihiro Suda