We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 30a8c6c109
Branches Tags
moby
/
integration-cli
/
docker_api_containers_unix_test.go

docker_api_containers_unix_test.go 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. // +build !windows
    2. 

  2. 

  3. package main
    4. 

  4. 

  5. import (
    6. 

  6. 	"io/ioutil"
    7. 

  7. 	"os"
    8. 

  8. 	"path/filepath"
    9. 

  9. 

  10. 	"github.com/docker/docker/api/types"
    11. 

  11. 	containertypes "github.com/docker/docker/api/types/container"
    12. 

  12. 	mounttypes "github.com/docker/docker/api/types/mount"
    13. 

  13. 	networktypes "github.com/docker/docker/api/types/network"
    14. 

  14. 	"github.com/docker/docker/client"
    15. 

  15. 	"github.com/docker/docker/integration-cli/checker"
    16. 

  16. 	"github.com/docker/docker/pkg/ioutils"
    17. 

  17. 	"github.com/docker/docker/pkg/system"
    18. 

  18. 	"github.com/go-check/check"
    19. 

  19. 	"github.com/stretchr/testify/assert"
    20. 

  20. 	"golang.org/x/net/context"
    21. 

  21. )
    22. 

  22. 

  23. func (s *DockerSuite) TestContainersAPINetworkMountsNoChown(c *check.C) {
    24. 

  24. 	// chown only applies to Linux bind mounted volumes; must be same host to verify
    25. 

  25. 	testRequires(c, DaemonIsLinux, SameHostDaemon)
    26. 

  26. 

  27. 	tmpDir, err := ioutils.TempDir("", "test-network-mounts")
    28. 

  28. 	c.Assert(err, checker.IsNil)
    29. 

  29. 	defer os.RemoveAll(tmpDir)
    30. 

  30. 

  31. 	// make tmp dir readable by anyone to allow userns process to mount from
    32. 

  32. 	err = os.Chmod(tmpDir, 0755)
    33. 

  33. 	c.Assert(err, checker.IsNil)
    34. 

  34. 	// create temp files to use as network mounts
    35. 

  35. 	tmpNWFileMount := filepath.Join(tmpDir, "nwfile")
    36. 

  36. 

  37. 	err = ioutil.WriteFile(tmpNWFileMount, []byte("network file bind mount"), 0644)
    38. 

  38. 	c.Assert(err, checker.IsNil)
    39. 

  39. 

  40. 	config := containertypes.Config{
    41. 

  41. 		Image: "busybox",
    42. 

  42. 	}
    43. 

  43. 	hostConfig := containertypes.HostConfig{
    44. 

  44. 		Mounts: []mounttypes.Mount{
    45. 

  45. 			{
    46. 

  46. 				Type:   "bind",
    47. 

  47. 				Source: tmpNWFileMount,
    48. 

  48. 				Target: "/etc/resolv.conf",
    49. 

  49. 			},
    50. 

  50. 			{
    51. 

  51. 				Type:   "bind",
    52. 

  52. 				Source: tmpNWFileMount,
    53. 

  53. 				Target: "/etc/hostname",
    54. 

  54. 			},
    55. 

  55. 			{
    56. 

  56. 				Type:   "bind",
    57. 

  57. 				Source: tmpNWFileMount,
    58. 

  58. 				Target: "/etc/hosts",
    59. 

  59. 			},
    60. 

  60. 		},
    61. 

  61. 	}
    62. 

  62. 

  63. 	cli, err := client.NewEnvClient()
    64. 

  64. 	c.Assert(err, checker.IsNil)
    65. 

  65. 	defer cli.Close()
    66. 

  66. 

  67. 	ctrCreate, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
    68. 

  68. 	c.Assert(err, checker.IsNil)
    69. 

  69. 	// container will exit immediately because of no tty, but we only need the start sequence to test the condition
    70. 

  70. 	err = cli.ContainerStart(context.Background(), ctrCreate.ID, types.ContainerStartOptions{})
    71. 

  71. 	c.Assert(err, checker.IsNil)
    72. 

  72. 

  73. 	// check that host-located bind mount network file did not change ownership when the container was started
    74. 

  74. 	statT, err := system.Stat(tmpNWFileMount)
    75. 

  75. 	c.Assert(err, checker.IsNil)
    76. 

  76. 	assert.Equal(c, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root")
    77. 

  77. }
    78.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5