github.com/lacework-dev/go-moby@v20.10.12+incompatible/integration-cli/docker_cli_cp_to_container_unix_test.go

github.com/lacework-dev/go-moby@v20.10.12+incompatible/integration-cli/docker_cli_cp_to_container_unix_test.go (about)

     1  // +build !windows
     2  
     3  package main
     4  
     5  import (
     6  	"fmt"
     7  	"os"
     8  	"os/exec"
     9  	"path/filepath"
    10  	"strconv"
    11  	"strings"
    12  	"testing"
    13  
    14  	"github.com/docker/docker/pkg/system"
    15  	"gotest.tools/v3/assert"
    16  )
    17  
    18  func (s *DockerSuite) TestCpToContainerWithPermissions(c *testing.T) {
    19  	testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux)
    20  
    21  	tmpDir := getTestDir(c, "test-cp-to-host-with-permissions")
    22  	defer os.RemoveAll(tmpDir)
    23  
    24  	makeTestContentInDir(c, tmpDir)
    25  
    26  	containerName := "permtest"
    27  
    28  	_, exc := dockerCmd(c, "create", "--name", containerName, "busybox", "/bin/sh", "-c", "stat -c '%u %g %a' /permdirtest /permdirtest/permtest")
    29  	assert.Equal(c, exc, 0)
    30  	defer dockerCmd(c, "rm", "-f", containerName)
    31  
    32  	srcPath := cpPath(tmpDir, "permdirtest")
    33  	dstPath := containerCpPath(containerName, "/")
    34  
    35  	args := []string{"cp", "-a", srcPath, dstPath}
    36  	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, args...))
    37  	assert.NilError(c, err, "output: %v", out)
    38  
    39  	out, err = startContainerGetOutput(c, containerName)
    40  	assert.NilError(c, err, "output: %v", out)
    41  	assert.Equal(c, strings.TrimSpace(out), "2 2 700\n65534 65534 400", "output: %v", out)
    42  }
    43  
    44  // Check ownership is root, both in non-userns and userns enabled modes
    45  func (s *DockerSuite) TestCpCheckDestOwnership(c *testing.T) {
    46  	testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
    47  	tmpVolDir := getTestDir(c, "test-cp-tmpvol")
    48  	containerID := makeTestContainer(c,
    49  		testContainerOptions{volumes: []string{fmt.Sprintf("%s:/tmpvol", tmpVolDir)}})
    50  
    51  	tmpDir := getTestDir(c, "test-cp-to-check-ownership")
    52  	defer os.RemoveAll(tmpDir)
    53  
    54  	makeTestContentInDir(c, tmpDir)
    55  
    56  	srcPath := cpPath(tmpDir, "file1")
    57  	dstPath := containerCpPath(containerID, "/tmpvol", "file1")
    58  
    59  	assert.NilError(c, runDockerCp(c, srcPath, dstPath))
    60  
    61  	stat, err := system.Stat(filepath.Join(tmpVolDir, "file1"))
    62  	assert.NilError(c, err)
    63  	uid, gid, err := getRootUIDGID()
    64  	assert.NilError(c, err)
    65  	assert.Equal(c, stat.UID(), uint32(uid), "Copied file not owned by container root UID")
    66  	assert.Equal(c, stat.GID(), uint32(gid), "Copied file not owned by container root GID")
    67  }
    68  
    69  func getRootUIDGID() (int, int, error) {
    70  	uidgid := strings.Split(filepath.Base(testEnv.DaemonInfo.DockerRootDir), ".")
    71  	if len(uidgid) == 1 {
    72  		// user namespace remapping is not turned on; return 0
    73  		return 0, 0, nil
    74  	}
    75  	uid, err := strconv.Atoi(uidgid[0])
    76  	if err != nil {
    77  		return 0, 0, err
    78  	}
    79  	gid, err := strconv.Atoi(uidgid[1])
    80  	if err != nil {
    81  		return 0, 0, err
    82  	}
    83  	return uid, gid, nil
    84  }