diff --git a/integration-cli/docker_cli_daemon_test.go b/integration-cli/docker_cli_daemon_test.go index a3d38b1c09..6de9d243df 100644 --- a/integration-cli/docker_cli_daemon_test.go +++ b/integration-cli/docker_cli_daemon_test.go @@ -2896,47 +2896,6 @@ func (s *DockerDaemonSuite) TestDaemonStartWithIpcModes(c *check.C) { } } -// TestDaemonRestartIpcMode makes sure a container keeps its ipc mode -// (derived from daemon default) even after the daemon is restarted -// with a different default ipc mode. -func (s *DockerDaemonSuite) TestDaemonRestartIpcMode(c *check.C) { - f, err := ioutil.TempFile("", "test-daemon-ipc-config-restart") - c.Assert(err, checker.IsNil) - file := f.Name() - defer os.Remove(file) - c.Assert(f.Close(), checker.IsNil) - - config := []byte(`{"default-ipc-mode": "private"}`) - c.Assert(ioutil.WriteFile(file, config, 0644), checker.IsNil) - s.d.StartWithBusybox(c, "--config-file", file) - - // check the container is created with private ipc mode as per daemon default - name := "ipc1" - _, err = s.d.Cmd("run", "-d", "--name", name, "--restart=always", "busybox", "top") - c.Assert(err, checker.IsNil) - m, err := s.d.InspectField(name, ".HostConfig.IpcMode") - c.Assert(err, check.IsNil) - c.Assert(m, checker.Equals, "private") - - // restart the daemon with shareable default ipc mode - config = []byte(`{"default-ipc-mode": "shareable"}`) - c.Assert(ioutil.WriteFile(file, config, 0644), checker.IsNil) - s.d.Restart(c, "--config-file", file) - - // check the container is still having private ipc mode - m, err = s.d.InspectField(name, ".HostConfig.IpcMode") - c.Assert(err, check.IsNil) - c.Assert(m, checker.Equals, "private") - - // check a new container is created with shareable ipc mode as per new daemon default - name = "ipc2" - _, err = s.d.Cmd("run", "-d", "--name", name, "busybox", "top") - c.Assert(err, checker.IsNil) - m, err = s.d.InspectField(name, ".HostConfig.IpcMode") - c.Assert(err, check.IsNil) - c.Assert(m, checker.Equals, "shareable") -} - // TestFailedPluginRemove makes sure that a failed plugin remove does not block // the daemon from starting func (s *DockerDaemonSuite) TestFailedPluginRemove(c *check.C) { diff --git a/integration/container/daemon_linux_test.go b/integration/container/daemon_linux_test.go index a676410690..efb97c5aac 100644 --- a/integration/container/daemon_linux_test.go +++ b/integration/container/daemon_linux_test.go @@ -13,6 +13,7 @@ import ( "github.com/docker/docker/internal/test/daemon" "golang.org/x/sys/unix" "gotest.tools/assert" + is "gotest.tools/assert/cmp" "gotest.tools/skip" ) @@ -76,3 +77,46 @@ func getContainerdShimPid(t *testing.T, c types.ContainerJSON) int { assert.Check(t, ppid != 1, "got unexpected ppid") return ppid } + +// TestDaemonRestartIpcMode makes sure a container keeps its ipc mode +// (derived from daemon default) even after the daemon is restarted +// with a different default ipc mode. +func TestDaemonRestartIpcMode(t *testing.T) { + skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run") + skip.If(t, testEnv.DaemonInfo.OSType == "windows") + t.Parallel() + + d := daemon.New(t) + d.StartWithBusybox(t, "--iptables=false", "--default-ipc-mode=private") + defer d.Stop(t) + + c := d.NewClientT(t) + ctx := context.Background() + + // check the container is created with private ipc mode as per daemon default + cID := container.Run(t, ctx, c, + container.WithCmd("top"), + container.WithRestartPolicy("always"), + ) + defer c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true}) + + inspect, err := c.ContainerInspect(ctx, cID) + assert.NilError(t, err) + assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "private")) + + // restart the daemon with shareable default ipc mode + d.Restart(t, "--iptables=false", "--default-ipc-mode=shareable") + + // check the container is still having private ipc mode + inspect, err = c.ContainerInspect(ctx, cID) + assert.NilError(t, err) + assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "private")) + + // check a new container is created with shareable ipc mode as per new daemon default + cID = container.Run(t, ctx, c) + defer c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true}) + + inspect, err = c.ContainerInspect(ctx, cID) + assert.NilError(t, err) + assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "shareable")) +}