kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Migrates TestContainersAPINetworkMountsNoChown to api tests

Browse source 
This fix migrates TestContainersAPINetworkMountsNoChown from
integration-cli to api tests in integration.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit is contained in:
Yong Tang 2018-02-04 17:38:04 +00:00
parent 30a8c6c109
commit c028da3557
2 changed files with 59 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

77
integration-cli/docker_api_containers_unix_test.go
View file

@ -1,77 +0,0 @@
// +build !windows
package main
import (
"io/ioutil"
"os"
"path/filepath"
"github.com/docker/docker/api/types"
containertypes "github.com/docker/docker/api/types/container"
mounttypes "github.com/docker/docker/api/types/mount"
networktypes "github.com/docker/docker/api/types/network"
"github.com/docker/docker/client"
"github.com/docker/docker/integration-cli/checker"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/pkg/system"
"github.com/go-check/check"
"github.com/stretchr/testify/assert"
"golang.org/x/net/context"
)
func (s *DockerSuite) TestContainersAPINetworkMountsNoChown(c *check.C) {
// chown only applies to Linux bind mounted volumes; must be same host to verify
testRequires(c, DaemonIsLinux, SameHostDaemon)
tmpDir, err := ioutils.TempDir("", "test-network-mounts")
c.Assert(err, checker.IsNil)
defer os.RemoveAll(tmpDir)
// make tmp dir readable by anyone to allow userns process to mount from
err = os.Chmod(tmpDir, 0755)
c.Assert(err, checker.IsNil)
// create temp files to use as network mounts
tmpNWFileMount := filepath.Join(tmpDir, "nwfile")
err = ioutil.WriteFile(tmpNWFileMount, []byte("network file bind mount"), 0644)
c.Assert(err, checker.IsNil)
config := containertypes.Config{
Image: "busybox",
}
hostConfig := containertypes.HostConfig{
Mounts: []mounttypes.Mount{
{
Type: "bind",
Source: tmpNWFileMount,
Target: "/etc/resolv.conf",
},
{
Type: "bind",
Source: tmpNWFileMount,
Target: "/etc/hostname",
},
{
Type: "bind",
Source: tmpNWFileMount,
Target: "/etc/hosts",
},
},
}
cli, err := client.NewEnvClient()
c.Assert(err, checker.IsNil)
defer cli.Close()
ctrCreate, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
c.Assert(err, checker.IsNil)
// container will exit immediately because of no tty, but we only need the start sequence to test the condition
err = cli.ContainerStart(context.Background(), ctrCreate.ID, types.ContainerStartOptions{})
c.Assert(err, checker.IsNil)
// check that host-located bind mount network file did not change ownership when the container was started
statT, err := system.Stat(tmpNWFileMount)
c.Assert(err, checker.IsNil)
assert.Equal(c, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root")
}

59
integration/container/mounts_linux_test.go
View file

@ -9,8 +9,15 @@ import (
"github.com/docker/docker/api/types" "github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/mount" "github.com/docker/docker/api/types/mount"
"github.com/docker/docker/api/types/network"
"github.com/docker/docker/client"
"github.com/docker/docker/integration-cli/daemon" "github.com/docker/docker/integration-cli/daemon"
"github.com/docker/docker/pkg/stdcopy" "github.com/docker/docker/pkg/stdcopy"
"github.com/docker/docker/pkg/system"
"github.com/gotestyourself/gotestyourself/fs"
"github.com/gotestyourself/gotestyourself/skip"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestContainerShmNoLeak(t *testing.T) { func TestContainerShmNoLeak(t *testing.T) {
@ -82,3 +89,55 @@ func TestContainerShmNoLeak(t *testing.T) {
t.Fatalf("mount leaked: %s", string(out)) t.Fatalf("mount leaked: %s", string(out))
} }
} }
func TestContainerNetworkMountsNoChown(t *testing.T) {
// chown only applies to Linux bind mounted volumes; must be same host to verify
skip.If(t, testEnv.DaemonInfo.OSType != "linux" || !testEnv.IsLocalDaemon())
defer setupTest(t)()
ctx := context.Background()
tmpDir := fs.NewDir(t, "network-file-mounts", fs.WithMode(0755), fs.WithFile("nwfile", "network file bind mount", fs.WithMode(0644)))
defer tmpDir.Remove()
tmpNWFileMount := tmpDir.Join("nwfile")
config := container.Config{
Image: "busybox",
}
hostConfig := container.HostConfig{
Mounts: []mount.Mount{
{
Type: "bind",
Source: tmpNWFileMount,
Target: "/etc/resolv.conf",
},
{
Type: "bind",
Source: tmpNWFileMount,
Target: "/etc/hostname",
},
{
Type: "bind",
Source: tmpNWFileMount,
Target: "/etc/hosts",
},
},
}
cli, err := client.NewEnvClient()
require.NoError(t, err)
defer cli.Close()
ctrCreate, err := cli.ContainerCreate(ctx, &config, &hostConfig, &network.NetworkingConfig{}, "")
require.NoError(t, err)
// container will exit immediately because of no tty, but we only need the start sequence to test the condition
err = cli.ContainerStart(ctx, ctrCreate.ID, types.ContainerStartOptions{})
require.NoError(t, err)
// check that host-located bind mount network file did not change ownership when the container was started
statT, err := system.Stat(tmpNWFileMount)
require.NoError(t, err)
assert.Equal(t, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root")
}