2018-02-05 16:05:59 -05:00
|
|
|
package daemon // import "github.com/docker/docker/daemon"
|
2017-11-10 18:43:57 -05:00
|
|
|
|
|
|
|
import (
|
2018-05-10 15:01:50 -04:00
|
|
|
"os"
|
2017-11-10 18:43:57 -05:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
containertypes "github.com/docker/docker/api/types/container"
|
|
|
|
"github.com/docker/docker/container"
|
|
|
|
"github.com/docker/docker/daemon/config"
|
|
|
|
"github.com/docker/docker/oci"
|
|
|
|
"github.com/docker/docker/pkg/idtools"
|
2018-06-11 09:32:11 -04:00
|
|
|
"gotest.tools/assert"
|
|
|
|
is "gotest.tools/assert/cmp"
|
2017-11-10 18:43:57 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
// TestTmpfsDevShmNoDupMount checks that a user-specified /dev/shm tmpfs
|
|
|
|
// mount (as in "docker run --tmpfs /dev/shm:rw,size=NNN") does not result
|
|
|
|
// in "Duplicate mount point" error from the engine.
|
|
|
|
// https://github.com/moby/moby/issues/35455
|
|
|
|
func TestTmpfsDevShmNoDupMount(t *testing.T) {
|
|
|
|
d := Daemon{
|
|
|
|
// some empty structs to avoid getting a panic
|
|
|
|
// caused by a null pointer dereference
|
2017-11-16 01:20:33 -05:00
|
|
|
idMapping: &idtools.IdentityMapping{},
|
2017-11-10 18:43:57 -05:00
|
|
|
configStore: &config.Config{},
|
|
|
|
}
|
|
|
|
c := &container.Container{
|
|
|
|
ShmPath: "foobar", // non-empty, for c.IpcMounts() to work
|
|
|
|
HostConfig: &containertypes.HostConfig{
|
|
|
|
IpcMode: containertypes.IpcMode("shareable"), // default mode
|
|
|
|
// --tmpfs /dev/shm:rw,exec,size=NNN
|
|
|
|
Tmpfs: map[string]string{
|
|
|
|
"/dev/shm": "rw,exec,size=1g",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
// Mimick the code flow of daemon.createSpec(), enough to reproduce the issue
|
|
|
|
ms, err := d.setupMounts(c)
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err)
|
2017-11-10 18:43:57 -05:00
|
|
|
|
|
|
|
ms = append(ms, c.IpcMounts()...)
|
|
|
|
|
|
|
|
tmpfsMounts, err := c.TmpfsMounts()
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err)
|
2017-11-10 18:43:57 -05:00
|
|
|
ms = append(ms, tmpfsMounts...)
|
|
|
|
|
|
|
|
s := oci.DefaultSpec()
|
|
|
|
err = setMounts(&d, &s, c, ms)
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err)
|
2017-11-10 18:43:57 -05:00
|
|
|
}
|
2018-03-08 15:24:39 -05:00
|
|
|
|
|
|
|
// TestIpcPrivateVsReadonly checks that in case of IpcMode: private
|
|
|
|
// and ReadonlyRootfs: true (as in "docker run --ipc private --read-only")
|
|
|
|
// the resulting /dev/shm mount is NOT made read-only.
|
|
|
|
// https://github.com/moby/moby/issues/36503
|
|
|
|
func TestIpcPrivateVsReadonly(t *testing.T) {
|
|
|
|
d := Daemon{
|
|
|
|
// some empty structs to avoid getting a panic
|
|
|
|
// caused by a null pointer dereference
|
2017-11-16 01:20:33 -05:00
|
|
|
idMapping: &idtools.IdentityMapping{},
|
2018-03-08 15:24:39 -05:00
|
|
|
configStore: &config.Config{},
|
|
|
|
}
|
|
|
|
c := &container.Container{
|
|
|
|
HostConfig: &containertypes.HostConfig{
|
|
|
|
IpcMode: containertypes.IpcMode("private"),
|
|
|
|
ReadonlyRootfs: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
// We can't call createSpec() so mimick the minimal part
|
|
|
|
// of its code flow, just enough to reproduce the issue.
|
|
|
|
ms, err := d.setupMounts(c)
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err)
|
2018-03-08 15:24:39 -05:00
|
|
|
|
|
|
|
s := oci.DefaultSpec()
|
|
|
|
s.Root.Readonly = c.HostConfig.ReadonlyRootfs
|
|
|
|
|
|
|
|
err = setMounts(&d, &s, c, ms)
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err)
|
2018-03-08 15:24:39 -05:00
|
|
|
|
|
|
|
// Find the /dev/shm mount in ms, check it does not have ro
|
|
|
|
for _, m := range s.Mounts {
|
|
|
|
if m.Destination != "/dev/shm" {
|
|
|
|
continue
|
|
|
|
}
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, is.Equal(false, inSlice(m.Options, "ro")))
|
2018-03-08 15:24:39 -05:00
|
|
|
}
|
|
|
|
}
|
2018-05-10 15:01:50 -04:00
|
|
|
|
|
|
|
func TestGetSourceMount(t *testing.T) {
|
|
|
|
// must be able to find source mount for /
|
|
|
|
mnt, _, err := getSourceMount("/")
|
|
|
|
assert.NilError(t, err)
|
|
|
|
assert.Equal(t, mnt, "/")
|
|
|
|
|
|
|
|
// must be able to find source mount for current directory
|
|
|
|
cwd, err := os.Getwd()
|
|
|
|
assert.NilError(t, err)
|
|
|
|
_, _, err = getSourceMount(cwd)
|
|
|
|
assert.NilError(t, err)
|
|
|
|
}
|