0ct0pu5/moby

pkg/chrootarchive: Skip privileged tests when non-root

These tests fail when run by a non-root user

  === RUN   TestUntarWithMaliciousSymlinks
      archive_unix_test.go:63: assertion failed: expected error to contain "open /safe/host-file: no such file or directory", got "Error processing tar file(exit status 1): Error creating mount namespace before pivot: operation not permitted"
  --- FAIL: TestUntarWithMaliciousSymlinks (0.00s)
  === RUN   TestTarWithMaliciousSymlinks
      archive_unix_test.go:90: /tmp/TestTarWithMaliciousSymlinks400408188
  === RUN   TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_host-file
      archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
  === RUN   TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_host-file
      archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
  === RUN   TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_
      archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
  === RUN   TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_
      archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
  === RUN   TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_safe/host-file
      archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
  === RUN   TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_/safe/host-file
      archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
  === RUN   TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_
      archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
  --- FAIL: TestTarWithMaliciousSymlinks (0.02s)
      --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_host-file (0.00s)
      --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_host-file (0.00s)
      --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_ (0.00s)
      --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_ (0.00s)
      --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_safe/host-file (0.00s)
      --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_/safe/host-file (0.00s)
      --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_ (0.00s)
  FAIL
  FAIL	github.com/docker/docker/pkg/chrootarchive	0.042s

Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>

Arnaud Rebillout 4 سال پیش

والد

6349b32e1b

کامیت

c7e7426796

1فایلهای تغییر یافته به همراه3 افزوده شده و 0 حذف شده

مشاهده تقسیم شده نمایش آمار تفاوت ها

						
							+ 3
							
							- 0
						
pkg/chrootarchive/archive_unix_test.go
							 
								مشاهده فایل
							
				@@ -16,6 +16,7 @@ import (
			
				 	"github.com/docker/docker/pkg/archive"
			
				 	"golang.org/x/sys/unix"
			
				 	"gotest.tools/v3/assert"
			
				+	"gotest.tools/v3/skip"
			
				 )
			
				 // Test for CVE-2018-15664
			
				@@ -23,6 +24,7 @@ import (
			
				 // some path outside of a container's rootfs that we do not copy data to a
			
				 // container path that will actually overwrite data on the host
			
				 func TestUntarWithMaliciousSymlinks(t *testing.T) {
			
				+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
			
				 	dir, err := ioutil.TempDir("", t.Name())
			
				 	assert.NilError(t, err)
			
				 	defer os.RemoveAll(dir)
			
				@@ -84,6 +86,7 @@ func TestUntarWithMaliciousSymlinks(t *testing.T) {
			
				 // some path outside of a container's rootfs that we do not unwittingly leak
			
				 // host data into the archive.
			
				 func TestTarWithMaliciousSymlinks(t *testing.T) {
			
				+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
			
				 	dir, err := ioutil.TempDir("", t.Name())
			
				 	assert.NilError(t, err)
			
				 	// defer os.RemoveAll(dir)

pkg/chrootarchive: Skip privileged tests when non-root

+ 3 - 0 pkg/chrootarchive/archive_unix_test.go مشاهده فایل

+ 3 - 0
pkg/chrootarchive/archive_unix_test.go
مشاهده فایل