mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
fix job and add tests
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
This commit is contained in:
parent
21059af3ac
commit
8344b6d736
2 changed files with 36 additions and 0 deletions
|
@ -783,6 +783,36 @@ func TestUnPrivilegedCanMknod(t *testing.T) {
|
||||||
logDone("run - test un-privileged can mknod")
|
logDone("run - test un-privileged can mknod")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestCapDropCannotMknod(t *testing.T) {
|
||||||
|
cmd := exec.Command(dockerBinary, "run", "--cap-drop=MKNOD", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
|
||||||
|
out, _, err := runCommandWithOutput(cmd)
|
||||||
|
if err == nil {
|
||||||
|
t.Fatal(err, out)
|
||||||
|
}
|
||||||
|
|
||||||
|
if actual := strings.Trim(out, "\r\n"); actual == "ok" {
|
||||||
|
t.Fatalf("expected output not ok received %s", actual)
|
||||||
|
}
|
||||||
|
deleteAllContainers()
|
||||||
|
|
||||||
|
logDone("run - test --cap-drop=MKNOD cannot mknod")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestCapAddCanDownInterface(t *testing.T) {
|
||||||
|
cmd := exec.Command(dockerBinary, "run", "--cap-add=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
|
||||||
|
out, _, err := runCommandWithOutput(cmd)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err, out)
|
||||||
|
}
|
||||||
|
|
||||||
|
if actual := strings.Trim(out, "\r\n"); actual != "ok" {
|
||||||
|
t.Fatalf("expected output ok received %s", actual)
|
||||||
|
}
|
||||||
|
deleteAllContainers()
|
||||||
|
|
||||||
|
logDone("run - test --cap-add=NET_ADMIN can set eth0 down")
|
||||||
|
}
|
||||||
|
|
||||||
func TestPrivilegedCanMount(t *testing.T) {
|
func TestPrivilegedCanMount(t *testing.T) {
|
||||||
cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
|
cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
|
||||||
|
|
||||||
|
|
|
@ -67,5 +67,11 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
|
||||||
if VolumesFrom := job.GetenvList("VolumesFrom"); VolumesFrom != nil {
|
if VolumesFrom := job.GetenvList("VolumesFrom"); VolumesFrom != nil {
|
||||||
hostConfig.VolumesFrom = VolumesFrom
|
hostConfig.VolumesFrom = VolumesFrom
|
||||||
}
|
}
|
||||||
|
if CapAdd := job.GetenvList("CapAdd"); CapAdd != nil {
|
||||||
|
hostConfig.CapAdd = CapAdd
|
||||||
|
}
|
||||||
|
if CapDrop := job.GetenvList("CapDrop"); CapDrop != nil {
|
||||||
|
hostConfig.CapDrop = CapDrop
|
||||||
|
}
|
||||||
return hostConfig
|
return hostConfig
|
||||||
}
|
}
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue