moby/integration-cli/fixtures_linux_daemon_test.go
Kir Kolyshkin 771256b305 TestRunSeccompProfileAllow32Bit: fix
Since the update to Debian Stretch, this test fails. The reason is dynamic
binary, which requires i386 ld.so for loading (and apparently it is no longer
installed by default):

> root@09d4b173c3dc:/go/src/github.com/docker/docker# file exit32-test
> exit32-test: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=a0d3d6cb59788453b983f65f8dc6ac52920147b6, stripped
> root@09d4b173c3dc:/go/src/github.com/docker/docker# ls -l /lib/ld-linux.so.2
> ls: cannot access '/lib/ld-linux.so.2': No such file or directory

To fix, just add -static.

Interestingly, ldd can'f figure it out.

> root@a324f8edfcaa:/go/src/github.com/docker/docker# ldd exit32-test
>	not a dynamic executable

Other tools (e.g. objdump) also show it's a dynamic binary.

While at it, remove the extra "id" argument (a copy-paste error I
guess).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-17 22:04:31 -07:00

139 lines
4.1 KiB
Go

package main
import (
"fmt"
"io/ioutil"
"os"
"os/exec"
"path/filepath"
"runtime"
"strings"
"sync"
"github.com/docker/docker/integration-cli/checker"
"github.com/docker/docker/integration-cli/fixtures/load"
"github.com/go-check/check"
)
type testingT interface {
logT
Fatalf(string, ...interface{})
}
type logT interface {
Logf(string, ...interface{})
}
var ensureSyscallTestOnce sync.Once
func ensureSyscallTest(c *check.C) {
var doIt bool
ensureSyscallTestOnce.Do(func() {
doIt = true
})
if !doIt {
return
}
defer testEnv.ProtectImage(c, "syscall-test:latest")
// if no match, must build in docker, which is significantly slower
// (slower mostly because of the vfs graphdriver)
if testEnv.DaemonPlatform() != runtime.GOOS {
ensureSyscallTestBuild(c)
return
}
tmp, err := ioutil.TempDir("", "syscall-test-build")
c.Assert(err, checker.IsNil, check.Commentf("couldn't create temp dir"))
defer os.RemoveAll(tmp)
gcc, err := exec.LookPath("gcc")
c.Assert(err, checker.IsNil, check.Commentf("could not find gcc"))
tests := []string{"userns", "ns", "acct", "setuid", "setgid", "socket", "raw"}
for _, test := range tests {
out, err := exec.Command(gcc, "-g", "-Wall", "-static", fmt.Sprintf("../contrib/syscall-test/%s.c", test), "-o", fmt.Sprintf("%s/%s-test", tmp, test)).CombinedOutput()
c.Assert(err, checker.IsNil, check.Commentf(string(out)))
}
if runtime.GOOS == "linux" && runtime.GOARCH == "amd64" {
out, err := exec.Command(gcc, "-s", "-m32", "-nostdlib", "-static", "../contrib/syscall-test/exit32.s", "-o", tmp+"/"+"exit32-test").CombinedOutput()
c.Assert(err, checker.IsNil, check.Commentf(string(out)))
}
dockerFile := filepath.Join(tmp, "Dockerfile")
content := []byte(`
FROM debian:jessie
COPY . /usr/bin/
`)
err = ioutil.WriteFile(dockerFile, content, 600)
c.Assert(err, checker.IsNil)
var buildArgs []string
if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
buildArgs = strings.Split(arg, " ")
}
buildArgs = append(buildArgs, []string{"-q", "-t", "syscall-test", tmp}...)
buildArgs = append([]string{"build"}, buildArgs...)
dockerCmd(c, buildArgs...)
}
func ensureSyscallTestBuild(c *check.C) {
err := load.FrozenImagesLinux(testEnv.APIClient(), "buildpack-deps:jessie")
c.Assert(err, checker.IsNil)
var buildArgs []string
if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
buildArgs = strings.Split(arg, " ")
}
buildArgs = append(buildArgs, []string{"-q", "-t", "syscall-test", "../contrib/syscall-test"}...)
buildArgs = append([]string{"build"}, buildArgs...)
dockerCmd(c, buildArgs...)
}
func ensureNNPTest(c *check.C) {
defer testEnv.ProtectImage(c, "nnp-test:latest")
if testEnv.DaemonPlatform() != runtime.GOOS {
ensureNNPTestBuild(c)
return
}
tmp, err := ioutil.TempDir("", "docker-nnp-test")
c.Assert(err, checker.IsNil)
gcc, err := exec.LookPath("gcc")
c.Assert(err, checker.IsNil, check.Commentf("could not find gcc"))
out, err := exec.Command(gcc, "-g", "-Wall", "-static", "../contrib/nnp-test/nnp-test.c", "-o", filepath.Join(tmp, "nnp-test")).CombinedOutput()
c.Assert(err, checker.IsNil, check.Commentf(string(out)))
dockerfile := filepath.Join(tmp, "Dockerfile")
content := `
FROM debian:jessie
COPY . /usr/bin
RUN chmod +s /usr/bin/nnp-test
`
err = ioutil.WriteFile(dockerfile, []byte(content), 600)
c.Assert(err, checker.IsNil, check.Commentf("could not write Dockerfile for nnp-test image"))
var buildArgs []string
if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
buildArgs = strings.Split(arg, " ")
}
buildArgs = append(buildArgs, []string{"-q", "-t", "nnp-test", tmp}...)
buildArgs = append([]string{"build"}, buildArgs...)
dockerCmd(c, buildArgs...)
}
func ensureNNPTestBuild(c *check.C) {
err := load.FrozenImagesLinux(testEnv.APIClient(), "buildpack-deps:jessie")
c.Assert(err, checker.IsNil)
var buildArgs []string
if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
buildArgs = strings.Split(arg, " ")
}
buildArgs = append(buildArgs, []string{"-q", "-t", "npp-test", "../contrib/nnp-test"}...)
buildArgs = append([]string{"build"}, buildArgs...)
dockerCmd(c, buildArgs...)
}