mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Change owner only on copied content
Fixes #5110 Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
This commit is contained in:
parent
ddd0470ed1
commit
91b7d8ebd3
15 changed files with 185 additions and 6 deletions
|
@ -418,6 +418,9 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
|
||||||
// the layer is also a directory. Then we want to merge them (i.e.
|
// the layer is also a directory. Then we want to merge them (i.e.
|
||||||
// just apply the metadata from the layer).
|
// just apply the metadata from the layer).
|
||||||
if fi, err := os.Lstat(path); err == nil {
|
if fi, err := os.Lstat(path); err == nil {
|
||||||
|
if fi.IsDir() && hdr.Name == "." {
|
||||||
|
continue
|
||||||
|
}
|
||||||
if !(fi.IsDir() && hdr.Typeflag == tar.TypeDir) {
|
if !(fi.IsDir() && hdr.Typeflag == tar.TypeDir) {
|
||||||
if err := os.RemoveAll(path); err != nil {
|
if err := os.RemoveAll(path); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
FROM busybox
|
||||||
|
RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
|
||||||
|
RUN echo 'dockerio:x:1001:' >> /etc/group
|
||||||
|
RUN mkdir /exists
|
||||||
|
RUN touch /exists/exists_file
|
||||||
|
RUN chown -R dockerio.dockerio /exists
|
||||||
|
ADD test_dir/ /exists/
|
||||||
|
RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
||||||
|
RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
||||||
|
RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]
|
|
@ -0,0 +1,8 @@
|
||||||
|
FROM busybox
|
||||||
|
RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
|
||||||
|
RUN echo 'dockerio:x:1001:' >> /etc/group
|
||||||
|
RUN touch /exists
|
||||||
|
RUN chown dockerio.dockerio exists
|
||||||
|
ADD test_dir /
|
||||||
|
RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
|
||||||
|
RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
|
@ -0,0 +1,10 @@
|
||||||
|
FROM busybox
|
||||||
|
RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
|
||||||
|
RUN echo 'dockerio:x:1001:' >> /etc/group
|
||||||
|
RUN mkdir /exists
|
||||||
|
RUN touch /exists/exists_file
|
||||||
|
RUN chown -R dockerio.dockerio /exists
|
||||||
|
ADD test_file /exists/
|
||||||
|
RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
||||||
|
RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]
|
||||||
|
RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
|
@ -0,0 +1,9 @@
|
||||||
|
FROM busybox
|
||||||
|
RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
|
||||||
|
RUN echo 'dockerio:x:1001:' >> /etc/group
|
||||||
|
RUN touch /exists
|
||||||
|
RUN chown dockerio.dockerio /exists
|
||||||
|
ADD test_file /test_dir/
|
||||||
|
RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
|
||||||
|
RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
|
||||||
|
RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
|
@ -0,0 +1,8 @@
|
||||||
|
FROM busybox
|
||||||
|
RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
|
||||||
|
RUN echo 'dockerio:x:1001:' >> /etc/group
|
||||||
|
RUN touch /exists
|
||||||
|
RUN chown dockerio.dockerio /exists
|
||||||
|
ADD test_file /
|
||||||
|
RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
|
||||||
|
RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
|
@ -0,0 +1,9 @@
|
||||||
|
FROM busybox
|
||||||
|
RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
|
||||||
|
RUN echo 'dockerio:x:1001:' >> /etc/group
|
||||||
|
RUN touch /exists
|
||||||
|
RUN chown dockerio.dockerio exists
|
||||||
|
ADD test_dir /test_dir
|
||||||
|
RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
|
||||||
|
RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
|
||||||
|
RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
|
@ -23,6 +23,102 @@ func TestBuildSixtySteps(t *testing.T) {
|
||||||
logDone("build - build an image with sixty build steps")
|
logDone("build - build an image with sixty build steps")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAddSingleFileToRoot(t *testing.T) {
|
||||||
|
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
|
||||||
|
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "SingleFileToRoot")
|
||||||
|
buildCmd.Dir = buildDirectory
|
||||||
|
out, exitCode, err := runCommandWithOutput(buildCmd)
|
||||||
|
errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
|
||||||
|
|
||||||
|
if err != nil || exitCode != 0 {
|
||||||
|
t.Fatal("failed to build the image")
|
||||||
|
}
|
||||||
|
|
||||||
|
deleteImages("testaddimg")
|
||||||
|
|
||||||
|
logDone("build - add single file to root")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAddSingleFileToExistDir(t *testing.T) {
|
||||||
|
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
|
||||||
|
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "SingleFileToExistDir")
|
||||||
|
buildCmd.Dir = buildDirectory
|
||||||
|
out, exitCode, err := runCommandWithOutput(buildCmd)
|
||||||
|
errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
|
||||||
|
|
||||||
|
if err != nil || exitCode != 0 {
|
||||||
|
t.Fatal("failed to build the image")
|
||||||
|
}
|
||||||
|
|
||||||
|
deleteImages("testaddimg")
|
||||||
|
|
||||||
|
logDone("build - add single file to existing dir")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAddSingleFileToNonExistDir(t *testing.T) {
|
||||||
|
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
|
||||||
|
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "SingleFileToNonExistDir")
|
||||||
|
buildCmd.Dir = buildDirectory
|
||||||
|
out, exitCode, err := runCommandWithOutput(buildCmd)
|
||||||
|
errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
|
||||||
|
|
||||||
|
if err != nil || exitCode != 0 {
|
||||||
|
t.Fatal("failed to build the image")
|
||||||
|
}
|
||||||
|
|
||||||
|
deleteImages("testaddimg")
|
||||||
|
|
||||||
|
logDone("build - add single file to non-existing dir")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAddDirContentToRoot(t *testing.T) {
|
||||||
|
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
|
||||||
|
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "DirContentToRoot")
|
||||||
|
buildCmd.Dir = buildDirectory
|
||||||
|
out, exitCode, err := runCommandWithOutput(buildCmd)
|
||||||
|
errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
|
||||||
|
|
||||||
|
if err != nil || exitCode != 0 {
|
||||||
|
t.Fatal("failed to build the image")
|
||||||
|
}
|
||||||
|
|
||||||
|
deleteImages("testaddimg")
|
||||||
|
|
||||||
|
logDone("build - add directory contents to root")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAddDirContentToExistDir(t *testing.T) {
|
||||||
|
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
|
||||||
|
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "DirContentToExistDir")
|
||||||
|
buildCmd.Dir = buildDirectory
|
||||||
|
out, exitCode, err := runCommandWithOutput(buildCmd)
|
||||||
|
errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
|
||||||
|
|
||||||
|
if err != nil || exitCode != 0 {
|
||||||
|
t.Fatal("failed to build the image")
|
||||||
|
}
|
||||||
|
|
||||||
|
deleteImages("testaddimg")
|
||||||
|
|
||||||
|
logDone("build - add directory contents to existing dir")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAddWholeDirToRoot(t *testing.T) {
|
||||||
|
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
|
||||||
|
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "WholeDirToRoot")
|
||||||
|
buildCmd.Dir = buildDirectory
|
||||||
|
out, exitCode, err := runCommandWithOutput(buildCmd)
|
||||||
|
errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
|
||||||
|
|
||||||
|
if err != nil || exitCode != 0 {
|
||||||
|
t.Fatal("failed to build the image")
|
||||||
|
}
|
||||||
|
|
||||||
|
deleteImages("testaddimg")
|
||||||
|
|
||||||
|
logDone("build - add whole directory to root")
|
||||||
|
}
|
||||||
|
|
||||||
// TODO: TestCaching
|
// TODO: TestCaching
|
||||||
|
|
||||||
// TODO: TestADDCacheInvalidation
|
// TODO: TestADDCacheInvalidation
|
||||||
|
|
|
@ -386,9 +386,10 @@ func (b *buildFile) checkPathForAddition(orig string) error {
|
||||||
|
|
||||||
func (b *buildFile) addContext(container *daemon.Container, orig, dest string, remote bool) error {
|
func (b *buildFile) addContext(container *daemon.Container, orig, dest string, remote bool) error {
|
||||||
var (
|
var (
|
||||||
err error
|
err error
|
||||||
origPath = path.Join(b.contextPath, orig)
|
destExists = true
|
||||||
destPath = path.Join(container.RootfsPath(), dest)
|
origPath = path.Join(b.contextPath, orig)
|
||||||
|
destPath = path.Join(container.RootfsPath(), dest)
|
||||||
)
|
)
|
||||||
|
|
||||||
if destPath != container.RootfsPath() {
|
if destPath != container.RootfsPath() {
|
||||||
|
@ -402,6 +403,14 @@ func (b *buildFile) addContext(container *daemon.Container, orig, dest string, r
|
||||||
if strings.HasSuffix(dest, "/") {
|
if strings.HasSuffix(dest, "/") {
|
||||||
destPath = destPath + "/"
|
destPath = destPath + "/"
|
||||||
}
|
}
|
||||||
|
destStat, err := os.Stat(destPath)
|
||||||
|
if err != nil {
|
||||||
|
if os.IsNotExist(err) {
|
||||||
|
destExists = false
|
||||||
|
} else {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
fi, err := os.Stat(origPath)
|
fi, err := os.Stat(origPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if os.IsNotExist(err) {
|
if os.IsNotExist(err) {
|
||||||
|
@ -423,8 +432,20 @@ func (b *buildFile) addContext(container *daemon.Container, orig, dest string, r
|
||||||
if err := archive.CopyWithTar(origPath, destPath); err != nil {
|
if err := archive.CopyWithTar(origPath, destPath); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := chownR(destPath, 0, 0); err != nil {
|
if destExists {
|
||||||
return err
|
files, err := ioutil.ReadDir(origPath)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
for _, file := range files {
|
||||||
|
if err := chownR(filepath.Join(destPath, file.Name()), 0, 0); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if err := chownR(destPath, 0, 0); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -456,7 +477,12 @@ func (b *buildFile) addContext(container *daemon.Container, orig, dest string, r
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := chownR(destPath, 0, 0); err != nil {
|
resPath := destPath
|
||||||
|
if destExists && destStat.IsDir() {
|
||||||
|
resPath = path.Join(destPath, path.Base(origPath))
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := chownR(resPath, 0, 0); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
|
Loading…
Reference in a new issue