We use cookies to ensure you get the best experience on our website
탐색 도움말
가입하기 로그인
0ct0pu5
/
moby
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: d96f61cfe1
브랜치 태그
moby
/
daemon
/
oci_linux_test.go

oci_linux_test.go 4.2 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 
  1. package daemon // import "github.com/docker/docker/daemon"
    2. 

  2. 

  3. import (
    4. 

  4. 	"io/ioutil"
    5. 

  5. 	"os"
    6. 

  6. 	"path/filepath"
    7. 

  7. 	"testing"
    8. 

  8. 

  9. 	containertypes "github.com/docker/docker/api/types/container"
    10. 

  10. 	"github.com/docker/docker/container"
    11. 

  11. 	"github.com/docker/docker/daemon/config"
    12. 

  12. 	"github.com/docker/docker/daemon/network"
    13. 

  13. 	"github.com/docker/docker/pkg/containerfs"
    14. 

  14. 	"github.com/docker/docker/pkg/idtools"
    15. 

  15. 	"github.com/docker/libnetwork"
    16. 

  16. 	"gotest.tools/v3/assert"
    17. 

  17. 	is "gotest.tools/v3/assert/cmp"
    18. 

  18. )
    19. 

  19. 

  20. func setupFakeDaemon(t *testing.T, c *container.Container) *Daemon {
    21. 

  21. 	root, err := ioutil.TempDir("", "oci_linux_test-root")
    22. 

  22. 	assert.NilError(t, err)
    23. 

  23. 

  24. 	rootfs := filepath.Join(root, "rootfs")
    25. 

  25. 	err = os.MkdirAll(rootfs, 0755)
    26. 

  26. 	assert.NilError(t, err)
    27. 

  27. 

  28. 	netController, err := libnetwork.New()
    29. 

  29. 	assert.NilError(t, err)
    30. 

  30. 

  31. 	d := &Daemon{
    32. 

  32. 		// some empty structs to avoid getting a panic
    33. 

  33. 		// caused by a null pointer dereference
    34. 

  34. 		idMapping:     &idtools.IdentityMapping{},
    35. 

  35. 		configStore:   &config.Config{},
    36. 

  36. 		linkIndex:     newLinkIndex(),
    37. 

  37. 		netController: netController,
    38. 

  38. 	}
    39. 

  39. 

  40. 	c.Root = root
    41. 

  41. 	c.BaseFS = containerfs.NewLocalContainerFS(rootfs)
    42. 

  42. 

  43. 	if c.Config == nil {
    44. 

  44. 		c.Config = new(containertypes.Config)
    45. 

  45. 	}
    46. 

  46. 	if c.HostConfig == nil {
    47. 

  47. 		c.HostConfig = new(containertypes.HostConfig)
    48. 

  48. 	}
    49. 

  49. 	if c.NetworkSettings == nil {
    50. 

  50. 		c.NetworkSettings = &network.Settings{Networks: make(map[string]*network.EndpointSettings)}
    51. 

  51. 	}
    52. 

  52. 

  53. 	return d
    54. 

  54. }
    55. 

  55. 

  56. func cleanupFakeContainer(c *container.Container) {
    57. 

  57. 	os.RemoveAll(c.Root)
    58. 

  58. }
    59. 

  59. 

  60. // TestTmpfsDevShmNoDupMount checks that a user-specified /dev/shm tmpfs
    61. 

  61. // mount (as in "docker run --tmpfs /dev/shm:rw,size=NNN") does not result
    62. 

  62. // in "Duplicate mount point" error from the engine.
    63. 

  63. // https://github.com/moby/moby/issues/35455
    64. 

  64. func TestTmpfsDevShmNoDupMount(t *testing.T) {
    65. 

  65. 	c := &container.Container{
    66. 

  66. 		ShmPath: "foobar", // non-empty, for c.IpcMounts() to work
    67. 

  67. 		HostConfig: &containertypes.HostConfig{
    68. 

  68. 			IpcMode: containertypes.IpcMode("shareable"), // default mode
    69. 

  69. 			// --tmpfs /dev/shm:rw,exec,size=NNN
    70. 

  70. 			Tmpfs: map[string]string{
    71. 

  71. 				"/dev/shm": "rw,exec,size=1g",
    72. 

  72. 			},
    73. 

  73. 		},
    74. 

  74. 	}
    75. 

  75. 	d := setupFakeDaemon(t, c)
    76. 

  76. 	defer cleanupFakeContainer(c)
    77. 

  77. 

  78. 	_, err := d.createSpec(c)
    79. 

  79. 	assert.Check(t, err)
    80. 

  80. }
    81. 

  81. 

  82. // TestIpcPrivateVsReadonly checks that in case of IpcMode: private
    83. 

  83. // and ReadonlyRootfs: true (as in "docker run --ipc private --read-only")
    84. 

  84. // the resulting /dev/shm mount is NOT made read-only.
    85. 

  85. // https://github.com/moby/moby/issues/36503
    86. 

  86. func TestIpcPrivateVsReadonly(t *testing.T) {
    87. 

  87. 	c := &container.Container{
    88. 

  88. 		HostConfig: &containertypes.HostConfig{
    89. 

  89. 			IpcMode:        containertypes.IpcMode("private"),
    90. 

  90. 			ReadonlyRootfs: true,
    91. 

  91. 		},
    92. 

  92. 	}
    93. 

  93. 	d := setupFakeDaemon(t, c)
    94. 

  94. 	defer cleanupFakeContainer(c)
    95. 

  95. 

  96. 	s, err := d.createSpec(c)
    97. 

  97. 	assert.Check(t, err)
    98. 

  98. 

  99. 	// Find the /dev/shm mount in ms, check it does not have ro
    100. 

  100. 	for _, m := range s.Mounts {
    101. 

  101. 		if m.Destination != "/dev/shm" {
    102. 

  102. 			continue
    103. 

  103. 		}
    104. 

  104. 		assert.Check(t, is.Equal(false, inSlice(m.Options, "ro")))
    105. 

  105. 	}
    106. 

  106. }
    107. 

  107. 

  108. // TestSysctlOverride ensures that any implicit sysctls (such as
    109. 

  109. // Config.Domainname) are overridden by an explicit sysctl in the HostConfig.
    110. 

  110. func TestSysctlOverride(t *testing.T) {
    111. 

  111. 	c := &container.Container{
    112. 

  112. 		Config: &containertypes.Config{
    113. 

  113. 			Hostname:   "foobar",
    114. 

  114. 			Domainname: "baz.cyphar.com",
    115. 

  115. 		},
    116. 

  116. 		HostConfig: &containertypes.HostConfig{
    117. 

  117. 			Sysctls: map[string]string{},
    118. 

  118. 		},
    119. 

  119. 	}
    120. 

  120. 	d := setupFakeDaemon(t, c)
    121. 

  121. 	defer cleanupFakeContainer(c)
    122. 

  122. 

  123. 	// Ensure that the implicit sysctl is set correctly.
    124. 

  124. 	s, err := d.createSpec(c)
    125. 

  125. 	assert.NilError(t, err)
    126. 

  126. 	assert.Equal(t, s.Hostname, "foobar")
    127. 

  127. 	assert.Equal(t, s.Linux.Sysctl["kernel.domainname"], c.Config.Domainname)
    128. 

  128. 

  129. 	// Set an explicit sysctl.
    130. 

  130. 	c.HostConfig.Sysctls["kernel.domainname"] = "foobar.net"
    131. 

  131. 	assert.Assert(t, c.HostConfig.Sysctls["kernel.domainname"] != c.Config.Domainname)
    132. 

  132. 

  133. 	s, err = d.createSpec(c)
    134. 

  134. 	assert.NilError(t, err)
    135. 

  135. 	assert.Equal(t, s.Hostname, "foobar")
    136. 

  136. 	assert.Equal(t, s.Linux.Sysctl["kernel.domainname"], c.HostConfig.Sysctls["kernel.domainname"])
    137. 

  137. }
    138. 

  138. 

  139. func TestGetSourceMount(t *testing.T) {
    140. 

  140. 	// must be able to find source mount for /
    141. 

  141. 	mnt, _, err := getSourceMount("/")
    142. 

  142. 	assert.NilError(t, err)
    143. 

  143. 	assert.Equal(t, mnt, "/")
    144. 

  144. 

  145. 	// must be able to find source mount for current directory
    146. 

  146. 	cwd, err := os.Getwd()
    147. 

  147. 	assert.NilError(t, err)
    148. 

  148. 	_, _, err = getSourceMount(cwd)
    149. 

  149. 	assert.NilError(t, err)
    150. 

  150. }
    151.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5