Migrates TestContainersAPINetworkMountsNoChown to api tests

This fix migrates TestContainersAPINetworkMountsNoChown from
integration-cli to api tests in integration.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

integration-cli/docker_api_containers_unix_test.go

@@ -1,77 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"github.com/docker/docker/api/types"
-	containertypes "github.com/docker/docker/api/types/container"
-	mounttypes "github.com/docker/docker/api/types/mount"
-	networktypes "github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/system"
-	"github.com/go-check/check"
-	"github.com/stretchr/testify/assert"
-	"golang.org/x/net/context"
-)
-
-func (s *DockerSuite) TestContainersAPINetworkMountsNoChown(c *check.C) {
-	// chown only applies to Linux bind mounted volumes; must be same host to verify
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
-
-	tmpDir, err := ioutils.TempDir("", "test-network-mounts")
-	c.Assert(err, checker.IsNil)
-	defer os.RemoveAll(tmpDir)
-
-	// make tmp dir readable by anyone to allow userns process to mount from
-	err = os.Chmod(tmpDir, 0755)
-	c.Assert(err, checker.IsNil)
-	// create temp files to use as network mounts
-	tmpNWFileMount := filepath.Join(tmpDir, "nwfile")
-
-	err = ioutil.WriteFile(tmpNWFileMount, []byte("network file bind mount"), 0644)
-	c.Assert(err, checker.IsNil)
-
-	config := containertypes.Config{
-		Image: "busybox",
-	}
-	hostConfig := containertypes.HostConfig{
-		Mounts: []mounttypes.Mount{
-			{
-				Type:   "bind",
-				Source: tmpNWFileMount,
-				Target: "/etc/resolv.conf",
-			},
-			{
-				Type:   "bind",
-				Source: tmpNWFileMount,
-				Target: "/etc/hostname",
-			},
-			{
-				Type:   "bind",
-				Source: tmpNWFileMount,
-				Target: "/etc/hosts",
-			},
-		},
-	}
-
-	cli, err := client.NewEnvClient()
-	c.Assert(err, checker.IsNil)
-	defer cli.Close()
-
-	ctrCreate, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
-	c.Assert(err, checker.IsNil)
-	// container will exit immediately because of no tty, but we only need the start sequence to test the condition
-	err = cli.ContainerStart(context.Background(), ctrCreate.ID, types.ContainerStartOptions{})
-	c.Assert(err, checker.IsNil)
-
-	// check that host-located bind mount network file did not change ownership when the container was started
-	statT, err := system.Stat(tmpNWFileMount)
-	c.Assert(err, checker.IsNil)
-	assert.Equal(c, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root")
-}

integration/container/mounts_linux_test.go

@@ -9,8 +9,15 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/client"
 	"github.com/docker/docker/integration-cli/daemon"
 	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/docker/docker/pkg/system"
+	"github.com/gotestyourself/gotestyourself/fs"
+	"github.com/gotestyourself/gotestyourself/skip"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestContainerShmNoLeak(t *testing.T) {
@@ -82,3 +89,55 @@ func TestContainerShmNoLeak(t *testing.T) {
 		t.Fatalf("mount leaked: %s", string(out))
 	}
 }
+
+func TestContainerNetworkMountsNoChown(t *testing.T) {
+	// chown only applies to Linux bind mounted volumes; must be same host to verify
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || !testEnv.IsLocalDaemon())
+
+	defer setupTest(t)()
+
+	ctx := context.Background()
+
+	tmpDir := fs.NewDir(t, "network-file-mounts", fs.WithMode(0755), fs.WithFile("nwfile", "network file bind mount", fs.WithMode(0644)))
+	defer tmpDir.Remove()
+
+	tmpNWFileMount := tmpDir.Join("nwfile")
+
+	config := container.Config{
+		Image: "busybox",
+	}
+	hostConfig := container.HostConfig{
+		Mounts: []mount.Mount{
+			{
+				Type:   "bind",
+				Source: tmpNWFileMount,
+				Target: "/etc/resolv.conf",
+			},
+			{
+				Type:   "bind",
+				Source: tmpNWFileMount,
+				Target: "/etc/hostname",
+			},
+			{
+				Type:   "bind",
+				Source: tmpNWFileMount,
+				Target: "/etc/hosts",
+			},
+		},
+	}
+
+	cli, err := client.NewEnvClient()
+	require.NoError(t, err)
+	defer cli.Close()
+
+	ctrCreate, err := cli.ContainerCreate(ctx, &config, &hostConfig, &network.NetworkingConfig{}, "")
+	require.NoError(t, err)
+	// container will exit immediately because of no tty, but we only need the start sequence to test the condition
+	err = cli.ContainerStart(ctx, ctrCreate.ID, types.ContainerStartOptions{})
+	require.NoError(t, err)
+
+	// check that host-located bind mount network file did not change ownership when the container was started
+	statT, err := system.Stat(tmpNWFileMount)
+	require.NoError(t, err)
+	assert.Equal(t, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root")
+}