github.com/LazyboyChen7/engine@v17.12.1-ce-rc2+incompatible/integration-cli/docker_api_containers_unix_test.go (about) 1 // +build !windows 2 3 package main 4 5 import ( 6 "io/ioutil" 7 "os" 8 "path/filepath" 9 10 "github.com/docker/docker/api/types" 11 containertypes "github.com/docker/docker/api/types/container" 12 mounttypes "github.com/docker/docker/api/types/mount" 13 networktypes "github.com/docker/docker/api/types/network" 14 "github.com/docker/docker/client" 15 "github.com/docker/docker/integration-cli/checker" 16 "github.com/docker/docker/pkg/ioutils" 17 "github.com/docker/docker/pkg/system" 18 "github.com/go-check/check" 19 "github.com/stretchr/testify/assert" 20 "golang.org/x/net/context" 21 ) 22 23 func (s *DockerSuite) TestContainersAPINetworkMountsNoChown(c *check.C) { 24 // chown only applies to Linux bind mounted volumes; must be same host to verify 25 testRequires(c, DaemonIsLinux, SameHostDaemon) 26 27 tmpDir, err := ioutils.TempDir("", "test-network-mounts") 28 c.Assert(err, checker.IsNil) 29 defer os.RemoveAll(tmpDir) 30 31 // make tmp dir readable by anyone to allow userns process to mount from 32 err = os.Chmod(tmpDir, 0755) 33 c.Assert(err, checker.IsNil) 34 // create temp files to use as network mounts 35 tmpNWFileMount := filepath.Join(tmpDir, "nwfile") 36 37 err = ioutil.WriteFile(tmpNWFileMount, []byte("network file bind mount"), 0644) 38 c.Assert(err, checker.IsNil) 39 40 config := containertypes.Config{ 41 Image: "busybox", 42 } 43 hostConfig := containertypes.HostConfig{ 44 Mounts: []mounttypes.Mount{ 45 { 46 Type: "bind", 47 Source: tmpNWFileMount, 48 Target: "/etc/resolv.conf", 49 }, 50 { 51 Type: "bind", 52 Source: tmpNWFileMount, 53 Target: "/etc/hostname", 54 }, 55 { 56 Type: "bind", 57 Source: tmpNWFileMount, 58 Target: "/etc/hosts", 59 }, 60 }, 61 } 62 63 cli, err := client.NewEnvClient() 64 c.Assert(err, checker.IsNil) 65 defer cli.Close() 66 67 ctrCreate, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "") 68 c.Assert(err, checker.IsNil) 69 // container will exit immediately because of no tty, but we only need the start sequence to test the condition 70 err = cli.ContainerStart(context.Background(), ctrCreate.ID, types.ContainerStartOptions{}) 71 c.Assert(err, checker.IsNil) 72 73 // check that host-located bind mount network file did not change ownership when the container was started 74 statT, err := system.Stat(tmpNWFileMount) 75 c.Assert(err, checker.IsNil) 76 assert.Equal(c, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root") 77 }