kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

fix centos when userns not in kernel

Browse source 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
This commit is contained in:
Jessica Frazelle 2016-03-02 16:58:49 -08:00
parent f4cb5f4a32
commit 7ab696f6b0
No known key found for this signature in database
GPG key ID: 18F3685C0022BFF3
2 changed files with 15 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
integration-cli/docker_cli_run_unix_test.go
View file

@ -817,7 +817,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) {
// TestRunSeccompUnconfinedCloneUserns checks that // TestRunSeccompUnconfinedCloneUserns checks that
// 'docker run --security-opt seccomp:unconfined syscall-test' allows creating a userns. // 'docker run --security-opt seccomp:unconfined syscall-test' allows creating a userns.
func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) { func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) {
testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace)
// make sure running w privileged is ok // make sure running w privileged is ok
runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp:unconfined", "syscall-test", "userns-test", "id") runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp:unconfined", "syscall-test", "userns-test", "id")
@ -829,7 +829,7 @@ func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) {
// TestRunSeccompAllowPrivCloneUserns checks that 'docker run --privileged syscall-test' // TestRunSeccompAllowPrivCloneUserns checks that 'docker run --privileged syscall-test'
// allows creating a userns. // allows creating a userns.
func (s *DockerSuite) TestRunSeccompAllowPrivCloneUserns(c *check.C) { func (s *DockerSuite) TestRunSeccompAllowPrivCloneUserns(c *check.C) {
testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace)
// make sure running w privileged is ok // make sure running w privileged is ok
runCmd := exec.Command(dockerBinary, "run", "--privileged", "syscall-test", "userns-test", "id") runCmd := exec.Command(dockerBinary, "run", "--privileged", "syscall-test", "userns-test", "id")

13
integration-cli/requirements.go
View file

@ -140,6 +140,19 @@ var (
}, },
"Test requires native Golang compiler instead of GCCGO", "Test requires native Golang compiler instead of GCCGO",
} }
UserNamespaceInKernel = testRequirement{
func() bool {
if _, err := os.Stat("/proc/self/uid_map"); os.IsNotExist(err) {
/*
* This kernel-provided file only exists if user namespaces are
* supported
*/
return false
}
return true
},
"Kernel must have user namespaces configured.",
}
NotUserNamespace = testRequirement{ NotUserNamespace = testRequirement{
func() bool { func() bool {
root := os.Getenv("DOCKER_REMAP_ROOT") root := os.Getenv("DOCKER_REMAP_ROOT")