diff --git a/integration-cli/docker_cli_daemon_test.go b/integration-cli/docker_cli_daemon_test.go
index bd5f6d56c8..e0f75f327f 100644
--- a/integration-cli/docker_cli_daemon_test.go
+++ b/integration-cli/docker_cli_daemon_test.go
@@ -1487,34 +1487,6 @@ func (s *DockerDaemonSuite) TestCleanupMountsAfterGracefulShutdown(c *check.C) {
 c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
 }
 
-func (s *DockerDaemonSuite) TestRunContainerWithBridgeNone(c *check.C) {
- testRequires(c, DaemonIsLinux, NotUserNamespace)
- s.d.StartWithBusybox(c, "-b", "none")
-
- out, err := s.d.Cmd("run", "--rm", "busybox", "ip", "l")
- c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
- c.Assert(strings.Contains(out, "eth0"), check.Equals, false,
- check.Commentf("There shouldn't be eth0 in container in default(bridge) mode when bridge network is disabled: %s", out))
-
- out, err = s.d.Cmd("run", "--rm", "--net=bridge", "busybox", "ip", "l")
- c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
- c.Assert(strings.Contains(out, "eth0"), check.Equals, false,
- check.Commentf("There shouldn't be eth0 in container in bridge mode when bridge network is disabled: %s", out))
- // the extra grep and awk clean up the output of `ip` to only list the number and name of
- // interfaces, allowing for different versions of ip (e.g. inside and outside the container) to
- // be used while still verifying that the interface list is the exact same
- cmd := exec.Command("sh", "-c", "ip l | grep -E '^[0-9]+:' | awk -F: ' { print $1\":\"$2 } '")
- stdout := bytes.NewBuffer(nil)
- cmd.Stdout = stdout
- if err := cmd.Run(); err != nil {
- c.Fatal("Failed to get host network interface")
- }
- out, err = s.d.Cmd("run", "--rm", "--net=host", "busybox", "sh", "-c", "ip l | grep -E '^[0-9]+:' | awk -F: ' { print $1\":\"$2 } '")
- c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
- c.Assert(out, check.Equals, fmt.Sprintf("%s", stdout),
- check.Commentf("The network interfaces in container should be the same with host when --net=host when bridge network is disabled: %s", out))
-}
-
 func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *check.C) {
 s.d.StartWithBusybox(t)
 if out, err := s.d.Cmd("run", "-d", "--name", "test", "busybox", "top"); err != nil {
diff --git a/integration/network/helpers.go b/integration/network/helpers.go
index c0d70a168e..9afe7728bf 100644
--- a/integration/network/helpers.go
+++ b/integration/network/helpers.go
@@ -3,6 +3,7 @@ package network
 import (
 "context"
 "fmt"
+ "os"
 "testing"
 
 "github.com/docker/docker/api/types"
@@ -83,3 +84,9 @@ func CheckKernelMajorVersionGreaterOrEqualThen(kernelVersion int, majorVersion i
 }
 return true
 }
+
+// IsUserNamespace returns whether the user namespace remapping is enabled
+func IsUserNamespace() bool {
+ root := os.Getenv("DOCKER_REMAP_ROOT")
+ return root != ""
+}
diff --git a/integration/network/network_test.go b/integration/network/network_test.go
new file mode 100644
index 0000000000..3829dd728e
--- /dev/null
+++ b/integration/network/network_test.go
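Review bot: In integration/network/helpers.go, the doc comment on `IsUserNamespace` claims more than the code establishes: the function only tests whether `DOCKER_REMAP_ROOT` is non-empty in the test process's environment and never asks a daemon whether remapping is active. The new test in network_test.go gates a network-isolation check on this value while starting its own daemon, so a mismatch between the variable and that daemon's actual configuration would run or skip the test in the wrong mode without any signal. I would reword the comment to `// IsUserNamespace reports whether DOCKER_REMAP_ROOT is set in the test process's environment; it does not query the daemon.`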
@@ -0,0 +1,58 @@
+package network // import "github.com/docker/docker/integration/network"
+
+import (
+ "bytes"
+ "context"
+ "os/exec"
+ "strings"
+ "testing"
+
+ "github.com/docker/docker/api/types"
+ "github.com/docker/docker/integration/internal/container"
+ "github.com/docker/docker/internal/test/daemon"
+ "gotest.tools/assert"
+ is "gotest.tools/assert/cmp"
+ "gotest.tools/skip"
+)
+
+func TestRunContainerWithBridgeNone(t *testing.T) {
+ skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
+ skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+ skip.If(t, IsUserNamespace())
+
+ d := daemon.New(t)
+ d.StartWithBusybox(t, "-b", "none")
+ defer d.Stop(t)
+
+ client, err := d.NewClient()
+ assert.Check(t, err, "error creating client")
+
+ ctx := context.Background()
+ id1 := container.Run(t, ctx, client)
+ defer client.ContainerRemove(ctx, id1, types.ContainerRemoveOptions{Force: true})
+
+ result, err := container.Exec(ctx, client, id1, []string{"ip", "l"})
+ assert.NilError(t, err)
+ assert.Check(t, is.Equal(false, strings.Contains(result.Combined(), "eth0")), "There shouldn't be eth0 in container in default(bridge) mode when bridge network is disabled")
+
+ id2 := container.Run(t, ctx, client, container.WithNetworkMode("bridge"))
+ defer client.ContainerRemove(ctx, id2, types.ContainerRemoveOptions{Force: true})
+
+ result, err = container.Exec(ctx, client, id2, []string{"ip", "l"})
+ assert.NilError(t, err)
+ assert.Check(t, is.Equal(false, strings.Contains(result.Combined(), "eth0")), "There shouldn't be eth0 in container in bridge mode when bridge network is disabled")
+
+ nsCommand := "ls -l /proc/self/ns/net | awk -F '->' '{print $2}'"
+ cmd := exec.Command("sh", "-c", nsCommand)
+ stdout := bytes.NewBuffer(nil)
+ cmd.Stdout = stdout
+ err = cmd.Run()
+ assert.NilError(t, err, "Failed to get current process network namespace: %+v", err)
+
+ id3 := container.Run(t, ctx, client, container.WithNetworkMode("host"))
+ defer client.ContainerRemove(ctx, id3, types.ContainerRemoveOptions{Force: true})
+
+ result, err = container.Exec(ctx, client, id3, []string{"sh", "-c", nsCommand})
+ assert.NilError(t, err)
+ assert.Check(t, is.Equal(stdout.String(), result.Combined()), "The network namspace of container should be the same with host when --net=host and bridge network is disabled")
+}
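Review bot: The two `eth0` assertions in TestRunContainerWithBridgeNone can pass vacuously, because `container.Exec` is only checked for an API error and the exit status of `ip l` is never inspected; if `ip` fails or is missing, the output contains no `eth0` and the negative check succeeds. The removed CLI test ran the command through `docker run` and asserted the returned error was nil, so this port appears to weaken the isolation check. Assuming the exec result exposes the exit status as `ExitCode`, add `assert.Check(t, is.Equal(0, result.ExitCode))` after each `assert.NilError(t, err)`. Separately, `assert.Check(t, err, "error creating client")` does not stop the test, so a failed `d.NewClient()` carries on with an unusable client; `assert.NilError(t, err, "error creating client")` would stop there.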