kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #5914 from unclejack/fix_unprivileged_user_creation

Browse source 
add unprivilegeduser via the Dockerfile
This commit is contained in:
Michael Crosby 2014-05-19 14:08:06 -07:00
commit b466672a4c
2 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Dockerfile
View file

@ -92,6 +92,9 @@ RUN /bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_
# Set user.email so crosbymichael's in-container merge commits go smoothly # Set user.email so crosbymichael's in-container merge commits go smoothly
RUN git config --global user.email 'docker-dummy@example.com' RUN git config --global user.email 'docker-dummy@example.com'
# Add an unprivileged user to be used for tests which need it
RUN adduser unprivilegeduser
VOLUME /var/lib/docker VOLUME /var/lib/docker
WORKDIR /go/src/github.com/dotcloud/docker WORKDIR /go/src/github.com/dotcloud/docker
ENV DOCKER_BUILDTAGS apparmor selinux ENV DOCKER_BUILDTAGS apparmor selinux

7
integration-cli/docker_cli_build_test.go
View file

@ -125,16 +125,13 @@ func TestAddWholeDirToRoot(t *testing.T) {
// when we can't access files in the context. // when we can't access files in the context.
func TestBuildWithInaccessibleFilesInContext(t *testing.T) { func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildWithInaccessibleFilesInContext") buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildWithInaccessibleFilesInContext")
addUserCmd := exec.Command("adduser", "unprivilegeduser")
out, _, err := runCommandWithOutput(addUserCmd)
errorOut(err, t, fmt.Sprintf("failed to add user: %v %v", out, err))
{ {
// This is used to ensure we detect inaccessible files early during build in the cli client // This is used to ensure we detect inaccessible files early during build in the cli client
pathToInaccessibleFileBuildDirectory := filepath.Join(buildDirectory, "inaccessiblefile") pathToInaccessibleFileBuildDirectory := filepath.Join(buildDirectory, "inaccessiblefile")
pathToFileWithoutReadAccess := filepath.Join(pathToInaccessibleFileBuildDirectory, "fileWithoutReadAccess") pathToFileWithoutReadAccess := filepath.Join(pathToInaccessibleFileBuildDirectory, "fileWithoutReadAccess")
err = os.Chown(pathToFileWithoutReadAccess, 0, 0) err := os.Chown(pathToFileWithoutReadAccess, 0, 0)
errorOut(err, t, fmt.Sprintf("failed to chown file to root: %s", err)) errorOut(err, t, fmt.Sprintf("failed to chown file to root: %s", err))
err = os.Chmod(pathToFileWithoutReadAccess, 0700) err = os.Chmod(pathToFileWithoutReadAccess, 0700)
errorOut(err, t, fmt.Sprintf("failed to chmod file to 700: %s", err)) errorOut(err, t, fmt.Sprintf("failed to chmod file to 700: %s", err))
@ -162,7 +159,7 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat") pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat")
pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar") pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0) err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err)) errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err))
err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444) err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444)
errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err)) errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err))