github.com/jfrazelle/docker@v1.1.2-0.20210712172922-bf78e25fe508/integration-cli/docker_cli_cp_to_container_unix_test.go (about) 1 // +build !windows 2 3 package main 4 5 import ( 6 "fmt" 7 "os" 8 "os/exec" 9 "path/filepath" 10 "strconv" 11 "strings" 12 "testing" 13 14 "github.com/docker/docker/pkg/system" 15 "gotest.tools/v3/assert" 16 ) 17 18 func (s *DockerSuite) TestCpToContainerWithPermissions(c *testing.T) { 19 testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux) 20 21 tmpDir := getTestDir(c, "test-cp-to-host-with-permissions") 22 defer os.RemoveAll(tmpDir) 23 24 makeTestContentInDir(c, tmpDir) 25 26 containerName := "permtest" 27 28 _, exc := dockerCmd(c, "create", "--name", containerName, "busybox", "/bin/sh", "-c", "stat -c '%u %g %a' /permdirtest /permdirtest/permtest") 29 assert.Equal(c, exc, 0) 30 defer dockerCmd(c, "rm", "-f", containerName) 31 32 srcPath := cpPath(tmpDir, "permdirtest") 33 dstPath := containerCpPath(containerName, "/") 34 35 args := []string{"cp", "-a", srcPath, dstPath} 36 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, args...)) 37 assert.NilError(c, err, "output: %v", out) 38 39 out, err = startContainerGetOutput(c, containerName) 40 assert.NilError(c, err, "output: %v", out) 41 assert.Equal(c, strings.TrimSpace(out), "2 2 700\n65534 65534 400", "output: %v", out) 42 } 43 44 // Check ownership is root, both in non-userns and userns enabled modes 45 func (s *DockerSuite) TestCpCheckDestOwnership(c *testing.T) { 46 testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon) 47 tmpVolDir := getTestDir(c, "test-cp-tmpvol") 48 containerID := makeTestContainer(c, 49 testContainerOptions{volumes: []string{fmt.Sprintf("%s:/tmpvol", tmpVolDir)}}) 50 51 tmpDir := getTestDir(c, "test-cp-to-check-ownership") 52 defer os.RemoveAll(tmpDir) 53 54 makeTestContentInDir(c, tmpDir) 55 56 srcPath := cpPath(tmpDir, "file1") 57 dstPath := containerCpPath(containerID, "/tmpvol", "file1") 58 59 assert.NilError(c, runDockerCp(c, srcPath, dstPath)) 60 61 stat, err := system.Stat(filepath.Join(tmpVolDir, "file1")) 62 assert.NilError(c, err) 63 uid, gid, err := getRootUIDGID() 64 assert.NilError(c, err) 65 assert.Equal(c, stat.UID(), uint32(uid), "Copied file not owned by container root UID") 66 assert.Equal(c, stat.GID(), uint32(gid), "Copied file not owned by container root GID") 67 } 68 69 func getRootUIDGID() (int, int, error) { 70 uidgid := strings.Split(filepath.Base(testEnv.DaemonInfo.DockerRootDir), ".") 71 if len(uidgid) == 1 { 72 // user namespace remapping is not turned on; return 0 73 return 0, 0, nil 74 } 75 uid, err := strconv.Atoi(uidgid[0]) 76 if err != nil { 77 return 0, 0, err 78 } 79 gid, err := strconv.Atoi(uidgid[1]) 80 if err != nil { 81 return 0, 0, err 82 } 83 return uid, gid, nil 84 }