github.com/docker/engine@v22.0.0-20211208180946-d456264580cf+incompatible/integration-cli/docker_cli_cp_to_container_unix_test.go (about) 1 //go:build !windows 2 // +build !windows 3 4 package main 5 6 import ( 7 "fmt" 8 "os" 9 "os/exec" 10 "path/filepath" 11 "strconv" 12 "strings" 13 "testing" 14 15 "github.com/docker/docker/pkg/system" 16 "gotest.tools/v3/assert" 17 ) 18 19 func (s *DockerSuite) TestCpToContainerWithPermissions(c *testing.T) { 20 testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux) 21 22 tmpDir := getTestDir(c, "test-cp-to-host-with-permissions") 23 defer os.RemoveAll(tmpDir) 24 25 makeTestContentInDir(c, tmpDir) 26 27 containerName := "permtest" 28 29 _, exc := dockerCmd(c, "create", "--name", containerName, "busybox", "/bin/sh", "-c", "stat -c '%u %g %a' /permdirtest /permdirtest/permtest") 30 assert.Equal(c, exc, 0) 31 defer dockerCmd(c, "rm", "-f", containerName) 32 33 srcPath := cpPath(tmpDir, "permdirtest") 34 dstPath := containerCpPath(containerName, "/") 35 36 args := []string{"cp", "-a", srcPath, dstPath} 37 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, args...)) 38 assert.NilError(c, err, "output: %v", out) 39 40 out, err = startContainerGetOutput(c, containerName) 41 assert.NilError(c, err, "output: %v", out) 42 assert.Equal(c, strings.TrimSpace(out), "2 2 700\n65534 65534 400", "output: %v", out) 43 } 44 45 // Check ownership is root, both in non-userns and userns enabled modes 46 func (s *DockerSuite) TestCpCheckDestOwnership(c *testing.T) { 47 testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon) 48 tmpVolDir := getTestDir(c, "test-cp-tmpvol") 49 containerID := makeTestContainer(c, 50 testContainerOptions{volumes: []string{fmt.Sprintf("%s:/tmpvol", tmpVolDir)}}) 51 52 tmpDir := getTestDir(c, "test-cp-to-check-ownership") 53 defer os.RemoveAll(tmpDir) 54 55 makeTestContentInDir(c, tmpDir) 56 57 srcPath := cpPath(tmpDir, "file1") 58 dstPath := containerCpPath(containerID, "/tmpvol", "file1") 59 60 assert.NilError(c, runDockerCp(c, srcPath, dstPath)) 61 62 stat, err := system.Stat(filepath.Join(tmpVolDir, "file1")) 63 assert.NilError(c, err) 64 uid, gid, err := getRootUIDGID() 65 assert.NilError(c, err) 66 assert.Equal(c, stat.UID(), uint32(uid), "Copied file not owned by container root UID") 67 assert.Equal(c, stat.GID(), uint32(gid), "Copied file not owned by container root GID") 68 } 69 70 func getRootUIDGID() (int, int, error) { 71 uidgid := strings.Split(filepath.Base(testEnv.DaemonInfo.DockerRootDir), ".") 72 if len(uidgid) == 1 { 73 // user namespace remapping is not turned on; return 0 74 return 0, 0, nil 75 } 76 uid, err := strconv.Atoi(uidgid[0]) 77 if err != nil { 78 return 0, 0, err 79 } 80 gid, err := strconv.Atoi(uidgid[1]) 81 if err != nil { 82 return 0, 0, err 83 } 84 return uid, gid, nil 85 }