pkg/chrootarchive: Skip privileged tests when non-root
These tests fail when run by a non-root user === RUN TestUntarWithMaliciousSymlinks archive_unix_test.go:63: assertion failed: expected error to contain "open /safe/host-file: no such file or directory", got "Error processing tar file(exit status 1): Error creating mount namespace before pivot: operation not permitted" --- FAIL: TestUntarWithMaliciousSymlinks (0.00s) === RUN TestTarWithMaliciousSymlinks archive_unix_test.go:90: /tmp/TestTarWithMaliciousSymlinks400408188 === RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_host-file archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1 === RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_host-file archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1 === RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_ archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1 === RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_ archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1 === RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_safe/host-file archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1 === RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_/safe/host-file archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1 === RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_ archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1 --- FAIL: TestTarWithMaliciousSymlinks (0.02s) --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_host-file (0.00s) --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_host-file (0.00s) --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_ (0.00s) --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_ (0.00s) --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_safe/host-file (0.00s) --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_/safe/host-file (0.00s) --- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_ (0.00s) FAIL FAIL github.com/docker/docker/pkg/chrootarchive 0.042s Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
This commit is contained in:
parent
6349b32e1b
commit
c7e7426796
1 changed files with 3 additions and 0 deletions
|
@ -16,6 +16,7 @@ import (
|
||||||
"github.com/docker/docker/pkg/archive"
|
"github.com/docker/docker/pkg/archive"
|
||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
"gotest.tools/v3/assert"
|
"gotest.tools/v3/assert"
|
||||||
|
"gotest.tools/v3/skip"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Test for CVE-2018-15664
|
// Test for CVE-2018-15664
|
||||||
|
@ -23,6 +24,7 @@ import (
|
||||||
// some path outside of a container's rootfs that we do not copy data to a
|
// some path outside of a container's rootfs that we do not copy data to a
|
||||||
// container path that will actually overwrite data on the host
|
// container path that will actually overwrite data on the host
|
||||||
func TestUntarWithMaliciousSymlinks(t *testing.T) {
|
func TestUntarWithMaliciousSymlinks(t *testing.T) {
|
||||||
|
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
||||||
dir, err := ioutil.TempDir("", t.Name())
|
dir, err := ioutil.TempDir("", t.Name())
|
||||||
assert.NilError(t, err)
|
assert.NilError(t, err)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
|
@ -84,6 +86,7 @@ func TestUntarWithMaliciousSymlinks(t *testing.T) {
|
||||||
// some path outside of a container's rootfs that we do not unwittingly leak
|
// some path outside of a container's rootfs that we do not unwittingly leak
|
||||||
// host data into the archive.
|
// host data into the archive.
|
||||||
func TestTarWithMaliciousSymlinks(t *testing.T) {
|
func TestTarWithMaliciousSymlinks(t *testing.T) {
|
||||||
|
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
||||||
dir, err := ioutil.TempDir("", t.Name())
|
dir, err := ioutil.TempDir("", t.Name())
|
||||||
assert.NilError(t, err)
|
assert.NilError(t, err)
|
||||||
// defer os.RemoveAll(dir)
|
// defer os.RemoveAll(dir)
|
||||||
|
|
Loading…
Reference in a new issue