Add description to TestContainerNetworkMountsNoChown

This fix is a follow up to 36198 by adding description to TestContainerNetworkMountsNoChown so that it is clear about the purpose of the test for ownership. This fix is related to comment in 36198. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2018-02-07 00:19:38 +00:00 · 2018-02-07 00:19:38 +00:00 · 28a2187ea7
parent 382c9593bf
commit 28a2187ea7
1 changed files with 10 additions and 1 deletions
--- a/integration/container/mounts_linux_test.go
+++ b/integration/container/mounts_linux_test.go
@ -136,7 +136,16 @@ func TestContainerNetworkMountsNoChown(t *testing.T) {
 	err = cli.ContainerStart(ctx, ctrCreate.ID, types.ContainerStartOptions{})
 	require.NoError(t, err)

-	// check that host-located bind mount network file did not change ownership when the container was started
+	// Check that host-located bind mount network file did not change ownership when the container was started
+	// Note: If the user specifies a mountpath from the host, we should not be
+	// attempting to chown files outside the daemon's metadata directory
+	// (represented by `daemon.repository` at init time).
+	// This forces users who want to use user namespaces to handle the
+	// ownership needs of any external files mounted as network files
+	// (/etc/resolv.conf, /etc/hosts, /etc/hostname) separately from the
+	// daemon. In all other volume/bind mount situations we have taken this
+	// same line--we don't chown host file content.
+	// See GitHub PR 34224 for details.
 	statT, err := system.Stat(tmpNWFileMount)
 	require.NoError(t, err)
 	assert.Equal(t, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root")