From 28a2187ea7f0484ce515e7ae1662d778dcf94720 Mon Sep 17 00:00:00 2001
From: Yong Tang
Date: Wed, 7 Feb 2018 00:19:38 +0000
Subject: [PATCH] Add description to TestContainerNetworkMountsNoChown
This fix is a follow up to 36198 by adding description to TestContainerNetworkMountsNoChown so that it is clear about the purpose of the test for ownership. This fix is related to comment in 36198.
Signed-off-by: Yong Tang
---
 integration/container/mounts_linux_test.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/integration/container/mounts_linux_test.go b/integration/container/mounts_linux_test.go
index eab0fd5d74..5880f3cbf2 100644
--- a/integration/container/mounts_linux_test.go
+++ b/integration/container/mounts_linux_test.go
@@ -136,7 +136,16 @@ func TestContainerNetworkMountsNoChown(t *testing.T) {
 err = cli.ContainerStart(ctx, ctrCreate.ID, types.ContainerStartOptions{})
 require.NoError(t, err)
- // check that host-located bind mount network file did not change ownership when the container was started
+ // Check that host-located bind mount network file did not change ownership when the container was started
+ // Note: If the user specifies a mountpath from the host, we should not be
+ // attempting to chown files outside the daemon's metadata directory
+ // (represented by `daemon.repository` at init time).
+ // This forces users who want to use user namespaces to handle the
+ // ownership needs of any external files mounted as network files
+ // (/etc/resolv.conf, /etc/hosts, /etc/hostname) separately from the
+ // daemon. In all other volume/bind mount situations we have taken this
+ // same line--we don't chown host file content.
+ // See GitHub PR 34224 for details.
 statT, err := system.Stat(tmpNWFileMount)
 require.NoError(t, err)
 assert.Equal(t, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root")
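Review bot: The assertion under the new comment checks only `statT.UID()`, while the comment describes ownership in general; a chown performed for user-namespace remapping would normally change the group as well, so a second check such as `assert.Equal(t, uint32(0), statT.GID(), "bind mounted network file should not change group ownership from root")` would pin both halves. That assumes the temp file is created as root:root, which happens earlier in TestContainerNetworkMountsNoChown, outside this hunk. The comment could also say whether the test expects a userns-remapped daemon, since without remapping the UID presumably stays 0 either way and the check cannot catch a regression; no skip or precondition for that is visible here.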