github.com/tsuna/docker@v1.7.0-rc3/integration-cli/docker_cli_run_test.go (about) 1 package main 2 3 import ( 4 "bufio" 5 "bytes" 6 "fmt" 7 "io/ioutil" 8 "net" 9 "os" 10 "os/exec" 11 "path" 12 "path/filepath" 13 "reflect" 14 "regexp" 15 "sort" 16 "strconv" 17 "strings" 18 "sync" 19 "time" 20 21 "github.com/docker/docker/nat" 22 "github.com/docker/libnetwork/resolvconf" 23 "github.com/go-check/check" 24 ) 25 26 // "test123" should be printed by docker run 27 func (s *DockerSuite) TestRunEchoStdout(c *check.C) { 28 runCmd := exec.Command(dockerBinary, "run", "busybox", "echo", "test123") 29 out, _, _, err := runCommandWithStdoutStderr(runCmd) 30 if err != nil { 31 c.Fatalf("failed to run container: %v, output: %q", err, out) 32 } 33 34 if out != "test123\n" { 35 c.Fatalf("container should've printed 'test123'") 36 } 37 } 38 39 // "test" should be printed 40 func (s *DockerSuite) TestRunEchoStdoutWithMemoryLimit(c *check.C) { 41 runCmd := exec.Command(dockerBinary, "run", "-m", "16m", "busybox", "echo", "test") 42 out, _, _, err := runCommandWithStdoutStderr(runCmd) 43 if err != nil { 44 c.Fatalf("failed to run container: %v, output: %q", err, out) 45 } 46 47 out = strings.Trim(out, "\r\n") 48 49 if expected := "test"; out != expected { 50 c.Fatalf("container should've printed %q but printed %q", expected, out) 51 } 52 } 53 54 // should run without memory swap 55 func (s *DockerSuite) TestRunWithoutMemoryswapLimit(c *check.C) { 56 testRequires(c, NativeExecDriver) 57 runCmd := exec.Command(dockerBinary, "run", "-m", "16m", "--memory-swap", "-1", "busybox", "true") 58 out, _, err := runCommandWithOutput(runCmd) 59 if err != nil { 60 c.Fatalf("failed to run container, output: %q", out) 61 } 62 } 63 64 // "test" should be printed 65 func (s *DockerSuite) TestRunEchoStdoutWitCPULimit(c *check.C) { 66 runCmd := exec.Command(dockerBinary, "run", "-c", "1000", "busybox", "echo", "test") 67 out, _, _, err := runCommandWithStdoutStderr(runCmd) 68 if err != nil { 69 c.Fatalf("failed to run container: %v, output: %q", err, out) 70 } 71 72 if out != "test\n" { 73 c.Errorf("container should've printed 'test'") 74 } 75 } 76 77 // "test" should be printed 78 func (s *DockerSuite) TestRunEchoStdoutWithCPUAndMemoryLimit(c *check.C) { 79 runCmd := exec.Command(dockerBinary, "run", "-c", "1000", "-m", "16m", "busybox", "echo", "test") 80 out, _, _, err := runCommandWithStdoutStderr(runCmd) 81 if err != nil { 82 c.Fatalf("failed to run container: %v, output: %q", err, out) 83 } 84 85 if out != "test\n" { 86 c.Errorf("container should've printed 'test', got %q instead", out) 87 } 88 } 89 90 // "test" should be printed 91 func (s *DockerSuite) TestRunEchoStdoutWithCPUQuota(c *check.C) { 92 runCmd := exec.Command(dockerBinary, "run", "--cpu-quota", "8000", "--name", "test", "busybox", "echo", "test") 93 out, _, _, err := runCommandWithStdoutStderr(runCmd) 94 if err != nil { 95 c.Fatalf("failed to run container: %v, output: %q", err, out) 96 } 97 out = strings.TrimSpace(out) 98 if strings.Contains(out, "Your kernel does not support CPU cfs quota") { 99 c.Skip("Your kernel does not support CPU cfs quota, skip this test") 100 } 101 if out != "test" { 102 c.Errorf("container should've printed 'test'") 103 } 104 105 out, err = inspectField("test", "HostConfig.CpuQuota") 106 c.Assert(err, check.IsNil) 107 108 if out != "8000" { 109 c.Errorf("setting the CPU CFS quota failed") 110 } 111 } 112 113 // "test" should be printed 114 func (s *DockerSuite) TestRunEchoNamedContainer(c *check.C) { 115 runCmd := exec.Command(dockerBinary, "run", "--name", "testfoonamedcontainer", "busybox", "echo", "test") 116 out, _, _, err := runCommandWithStdoutStderr(runCmd) 117 if err != nil { 118 c.Fatalf("failed to run container: %v, output: %q", err, out) 119 } 120 121 if out != "test\n" { 122 c.Errorf("container should've printed 'test'") 123 } 124 } 125 126 // docker run should not leak file descriptors 127 func (s *DockerSuite) TestRunLeakyFileDescriptors(c *check.C) { 128 runCmd := exec.Command(dockerBinary, "run", "busybox", "ls", "-C", "/proc/self/fd") 129 out, _, _, err := runCommandWithStdoutStderr(runCmd) 130 if err != nil { 131 c.Fatalf("failed to run container: %v, output: %q", err, out) 132 } 133 134 // normally, we should only get 0, 1, and 2, but 3 gets created by "ls" when it does "opendir" on the "fd" directory 135 if out != "0 1 2 3\n" { 136 c.Errorf("container should've printed '0 1 2 3', not: %s", out) 137 } 138 } 139 140 // it should be possible to lookup Google DNS 141 // this will fail when Internet access is unavailable 142 func (s *DockerSuite) TestRunLookupGoogleDns(c *check.C) { 143 testRequires(c, Network) 144 145 out, _, _, err := runCommandWithStdoutStderr(exec.Command(dockerBinary, "run", "busybox", "nslookup", "google.com")) 146 if err != nil { 147 c.Fatalf("failed to run container: %v, output: %q", err, out) 148 } 149 } 150 151 // the exit code should be 0 152 // some versions of lxc might make this test fail 153 func (s *DockerSuite) TestRunExitCodeZero(c *check.C) { 154 runCmd := exec.Command(dockerBinary, "run", "busybox", "true") 155 if out, _, err := runCommandWithOutput(runCmd); err != nil { 156 c.Errorf("container should've exited with exit code 0: %s, %v", out, err) 157 } 158 } 159 160 // the exit code should be 1 161 // some versions of lxc might make this test fail 162 func (s *DockerSuite) TestRunExitCodeOne(c *check.C) { 163 runCmd := exec.Command(dockerBinary, "run", "busybox", "false") 164 exitCode, err := runCommand(runCmd) 165 if err != nil && !strings.Contains("exit status 1", fmt.Sprintf("%s", err)) { 166 c.Fatal(err) 167 } 168 if exitCode != 1 { 169 c.Errorf("container should've exited with exit code 1") 170 } 171 } 172 173 // it should be possible to pipe in data via stdin to a process running in a container 174 // some versions of lxc might make this test fail 175 func (s *DockerSuite) TestRunStdinPipe(c *check.C) { 176 runCmd := exec.Command(dockerBinary, "run", "-i", "-a", "stdin", "busybox", "cat") 177 runCmd.Stdin = strings.NewReader("blahblah") 178 out, _, _, err := runCommandWithStdoutStderr(runCmd) 179 if err != nil { 180 c.Fatalf("failed to run container: %v, output: %q", err, out) 181 } 182 183 out = strings.TrimSpace(out) 184 waitCmd := exec.Command(dockerBinary, "wait", out) 185 if waitOut, _, err := runCommandWithOutput(waitCmd); err != nil { 186 c.Fatalf("error thrown while waiting for container: %s, %v", waitOut, err) 187 } 188 189 logsCmd := exec.Command(dockerBinary, "logs", out) 190 logsOut, _, err := runCommandWithOutput(logsCmd) 191 if err != nil { 192 c.Fatalf("error thrown while trying to get container logs: %s, %v", logsOut, err) 193 } 194 195 containerLogs := strings.TrimSpace(logsOut) 196 197 if containerLogs != "blahblah" { 198 c.Errorf("logs didn't print the container's logs %s", containerLogs) 199 } 200 201 rmCmd := exec.Command(dockerBinary, "rm", out) 202 if out, _, err = runCommandWithOutput(rmCmd); err != nil { 203 c.Fatalf("rm failed to remove container: %s, %v", out, err) 204 } 205 } 206 207 // the container's ID should be printed when starting a container in detached mode 208 func (s *DockerSuite) TestRunDetachedContainerIDPrinting(c *check.C) { 209 runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "true") 210 out, _, _, err := runCommandWithStdoutStderr(runCmd) 211 if err != nil { 212 c.Fatalf("failed to run container: %v, output: %q", err, out) 213 } 214 215 out = strings.TrimSpace(out) 216 waitCmd := exec.Command(dockerBinary, "wait", out) 217 if waitOut, _, err := runCommandWithOutput(waitCmd); err != nil { 218 c.Fatalf("error thrown while waiting for container: %s, %v", waitOut, err) 219 } 220 221 rmCmd := exec.Command(dockerBinary, "rm", out) 222 rmOut, _, err := runCommandWithOutput(rmCmd) 223 if err != nil { 224 c.Fatalf("rm failed to remove container: %s, %v", rmOut, err) 225 } 226 227 rmOut = strings.TrimSpace(rmOut) 228 if rmOut != out { 229 c.Errorf("rm didn't print the container ID %s %s", out, rmOut) 230 } 231 } 232 233 // the working directory should be set correctly 234 func (s *DockerSuite) TestRunWorkingDirectory(c *check.C) { 235 runCmd := exec.Command(dockerBinary, "run", "-w", "/root", "busybox", "pwd") 236 out, _, _, err := runCommandWithStdoutStderr(runCmd) 237 if err != nil { 238 c.Fatalf("failed to run container: %v, output: %q", err, out) 239 } 240 241 out = strings.TrimSpace(out) 242 243 if out != "/root" { 244 c.Errorf("-w failed to set working directory") 245 } 246 247 runCmd = exec.Command(dockerBinary, "run", "--workdir", "/root", "busybox", "pwd") 248 out, _, _, err = runCommandWithStdoutStderr(runCmd) 249 if err != nil { 250 c.Fatal(out, err) 251 } 252 253 out = strings.TrimSpace(out) 254 255 if out != "/root" { 256 c.Errorf("--workdir failed to set working directory") 257 } 258 } 259 260 // pinging Google's DNS resolver should fail when we disable the networking 261 func (s *DockerSuite) TestRunWithoutNetworking(c *check.C) { 262 runCmd := exec.Command(dockerBinary, "run", "--net=none", "busybox", "ping", "-c", "1", "8.8.8.8") 263 out, _, exitCode, err := runCommandWithStdoutStderr(runCmd) 264 if err != nil && exitCode != 1 { 265 c.Fatal(out, err) 266 } 267 if exitCode != 1 { 268 c.Errorf("--net=none should've disabled the network; the container shouldn't have been able to ping 8.8.8.8") 269 } 270 271 runCmd = exec.Command(dockerBinary, "run", "-n=false", "busybox", "ping", "-c", "1", "8.8.8.8") 272 out, _, exitCode, err = runCommandWithStdoutStderr(runCmd) 273 if err != nil && exitCode != 1 { 274 c.Fatal(out, err) 275 } 276 if exitCode != 1 { 277 c.Errorf("-n=false should've disabled the network; the container shouldn't have been able to ping 8.8.8.8") 278 } 279 } 280 281 //test --link use container name to link target 282 func (s *DockerSuite) TestRunLinksContainerWithContainerName(c *check.C) { 283 cmd := exec.Command(dockerBinary, "run", "-i", "-t", "-d", "--name", "parent", "busybox") 284 out, _, _, err := runCommandWithStdoutStderr(cmd) 285 if err != nil { 286 c.Fatalf("failed to run container: %v, output: %q", err, out) 287 } 288 ip, err := inspectField("parent", "NetworkSettings.IPAddress") 289 c.Assert(err, check.IsNil) 290 cmd = exec.Command(dockerBinary, "run", "--link", "parent:test", "busybox", "/bin/cat", "/etc/hosts") 291 out, _, err = runCommandWithOutput(cmd) 292 if err != nil { 293 c.Fatalf("failed to run container: %v, output: %q", err, out) 294 } 295 if !strings.Contains(out, ip+" test") { 296 c.Fatalf("use a container name to link target failed") 297 } 298 } 299 300 //test --link use container id to link target 301 func (s *DockerSuite) TestRunLinksContainerWithContainerId(c *check.C) { 302 cmd := exec.Command(dockerBinary, "run", "-i", "-t", "-d", "busybox") 303 cID, _, _, err := runCommandWithStdoutStderr(cmd) 304 if err != nil { 305 c.Fatalf("failed to run container: %v, output: %q", err, cID) 306 } 307 cID = strings.TrimSpace(cID) 308 ip, err := inspectField(cID, "NetworkSettings.IPAddress") 309 c.Assert(err, check.IsNil) 310 cmd = exec.Command(dockerBinary, "run", "--link", cID+":test", "busybox", "/bin/cat", "/etc/hosts") 311 out, _, err := runCommandWithOutput(cmd) 312 if err != nil { 313 c.Fatalf("failed to run container: %v, output: %q", err, out) 314 } 315 if !strings.Contains(out, ip+" test") { 316 c.Fatalf("use a container id to link target failed") 317 } 318 } 319 320 func (s *DockerSuite) TestRunLinkToContainerNetMode(c *check.C) { 321 cmd := exec.Command(dockerBinary, "run", "--name", "test", "-d", "busybox", "top") 322 out, _, err := runCommandWithOutput(cmd) 323 if err != nil { 324 c.Fatalf("failed to run container: %v, output: %q", err, out) 325 } 326 cmd = exec.Command(dockerBinary, "run", "--name", "parent", "-d", "--net=container:test", "busybox", "top") 327 out, _, err = runCommandWithOutput(cmd) 328 if err != nil { 329 c.Fatalf("failed to run container: %v, output: %q", err, out) 330 } 331 cmd = exec.Command(dockerBinary, "run", "-d", "--link=parent:parent", "busybox", "top") 332 out, _, err = runCommandWithOutput(cmd) 333 if err != nil { 334 c.Fatalf("failed to run container: %v, output: %q", err, out) 335 } 336 337 cmd = exec.Command(dockerBinary, "run", "--name", "child", "-d", "--net=container:parent", "busybox", "top") 338 out, _, err = runCommandWithOutput(cmd) 339 if err != nil { 340 c.Fatalf("failed to run container: %v, output: %q", err, out) 341 } 342 cmd = exec.Command(dockerBinary, "run", "-d", "--link=child:child", "busybox", "top") 343 out, _, err = runCommandWithOutput(cmd) 344 if err != nil { 345 c.Fatalf("failed to run container: %v, output: %q", err, out) 346 } 347 } 348 349 func (s *DockerSuite) TestRunContainerNetModeWithDnsMacHosts(c *check.C) { 350 cmd := exec.Command(dockerBinary, "run", "-d", "--name", "parent", "busybox", "top") 351 out, _, err := runCommandWithOutput(cmd) 352 if err != nil { 353 c.Fatalf("failed to run container: %v, output: %q", err, out) 354 } 355 356 cmd = exec.Command(dockerBinary, "run", "--dns", "1.2.3.4", "--net=container:parent", "busybox") 357 out, _, err = runCommandWithOutput(cmd) 358 if err == nil || !strings.Contains(out, "Conflicting options: --dns and the network mode") { 359 c.Fatalf("run --net=container with --dns should error out") 360 } 361 362 cmd = exec.Command(dockerBinary, "run", "--mac-address", "92:d0:c6:0a:29:33", "--net=container:parent", "busybox") 363 out, _, err = runCommandWithOutput(cmd) 364 if err == nil || !strings.Contains(out, "--mac-address and the network mode") { 365 c.Fatalf("run --net=container with --mac-address should error out") 366 } 367 368 cmd = exec.Command(dockerBinary, "run", "--add-host", "test:192.168.2.109", "--net=container:parent", "busybox") 369 out, _, err = runCommandWithOutput(cmd) 370 if err == nil || !strings.Contains(out, "--add-host and the network mode") { 371 c.Fatalf("run --net=container with --add-host should error out") 372 } 373 374 } 375 376 func (s *DockerSuite) TestRunModeNetContainerHostname(c *check.C) { 377 testRequires(c, ExecSupport) 378 cmd := exec.Command(dockerBinary, "run", "-i", "-d", "--name", "parent", "busybox", "top") 379 out, _, err := runCommandWithOutput(cmd) 380 if err != nil { 381 c.Fatalf("failed to run container: %v, output: %q", err, out) 382 } 383 cmd = exec.Command(dockerBinary, "exec", "parent", "cat", "/etc/hostname") 384 out, _, err = runCommandWithOutput(cmd) 385 if err != nil { 386 c.Fatalf("failed to exec command: %v, output: %q", err, out) 387 } 388 389 cmd = exec.Command(dockerBinary, "run", "--net=container:parent", "busybox", "cat", "/etc/hostname") 390 out1, _, err := runCommandWithOutput(cmd) 391 if err != nil { 392 c.Fatalf("failed to run container: %v, output: %q", err, out1) 393 } 394 if out1 != out { 395 c.Fatal("containers with shared net namespace should have same hostname") 396 } 397 } 398 399 // Regression test for #4979 400 func (s *DockerSuite) TestRunWithVolumesFromExited(c *check.C) { 401 runCmd := exec.Command(dockerBinary, "run", "--name", "test-data", "--volume", "/some/dir", "busybox", "touch", "/some/dir/file") 402 out, stderr, exitCode, err := runCommandWithStdoutStderr(runCmd) 403 if err != nil && exitCode != 0 { 404 c.Fatal("1", out, stderr, err) 405 } 406 407 runCmd = exec.Command(dockerBinary, "run", "--volumes-from", "test-data", "busybox", "cat", "/some/dir/file") 408 out, stderr, exitCode, err = runCommandWithStdoutStderr(runCmd) 409 if err != nil && exitCode != 0 { 410 c.Fatal("2", out, stderr, err) 411 } 412 } 413 414 // Volume path is a symlink which also exists on the host, and the host side is a file not a dir 415 // But the volume call is just a normal volume, not a bind mount 416 func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *check.C) { 417 testRequires(c, SameHostDaemon) 418 testRequires(c, NativeExecDriver) 419 name := "test-volume-symlink" 420 421 dir, err := ioutil.TempDir("", name) 422 if err != nil { 423 c.Fatal(err) 424 } 425 defer os.RemoveAll(dir) 426 427 f, err := os.OpenFile(filepath.Join(dir, "test"), os.O_CREATE, 0700) 428 if err != nil { 429 c.Fatal(err) 430 } 431 f.Close() 432 433 dockerFile := fmt.Sprintf("FROM busybox\nRUN mkdir -p %s\nRUN ln -s %s /test", dir, dir) 434 if _, err := buildImage(name, dockerFile, false); err != nil { 435 c.Fatal(err) 436 } 437 438 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "-v", "/test/test", name)) 439 if err != nil { 440 c.Fatalf("Failed with errors: %s, %v", out, err) 441 } 442 } 443 444 func (s *DockerSuite) TestRunVolumesMountedAsReadonly(c *check.C) { 445 cmd := exec.Command(dockerBinary, "run", "-v", "/test:/test:ro", "busybox", "touch", "/test/somefile") 446 if code, err := runCommand(cmd); err == nil || code == 0 { 447 c.Fatalf("run should fail because volume is ro: exit code %d", code) 448 } 449 } 450 451 func (s *DockerSuite) TestRunVolumesFromInReadonlyMode(c *check.C) { 452 cmd := exec.Command(dockerBinary, "run", "--name", "parent", "-v", "/test", "busybox", "true") 453 if _, err := runCommand(cmd); err != nil { 454 c.Fatal(err) 455 } 456 457 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent:ro", "busybox", "touch", "/test/file") 458 if code, err := runCommand(cmd); err == nil || code == 0 { 459 c.Fatalf("run should fail because volume is ro: exit code %d", code) 460 } 461 } 462 463 // Regression test for #1201 464 func (s *DockerSuite) TestRunVolumesFromInReadWriteMode(c *check.C) { 465 cmd := exec.Command(dockerBinary, "run", "--name", "parent", "-v", "/test", "busybox", "true") 466 if _, err := runCommand(cmd); err != nil { 467 c.Fatal(err) 468 } 469 470 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent:rw", "busybox", "touch", "/test/file") 471 if out, _, err := runCommandWithOutput(cmd); err != nil { 472 c.Fatalf("running --volumes-from parent:rw failed with output: %q\nerror: %v", out, err) 473 } 474 475 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent:bar", "busybox", "touch", "/test/file") 476 if out, _, err := runCommandWithOutput(cmd); err == nil || !strings.Contains(out, "invalid mode for volumes-from: bar") { 477 c.Fatalf("running --volumes-from foo:bar should have failed with invalid mount mode: %q", out) 478 } 479 480 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent", "busybox", "touch", "/test/file") 481 if out, _, err := runCommandWithOutput(cmd); err != nil { 482 c.Fatalf("running --volumes-from parent failed with output: %q\nerror: %v", out, err) 483 } 484 } 485 486 func (s *DockerSuite) TestVolumesFromGetsProperMode(c *check.C) { 487 cmd := exec.Command(dockerBinary, "run", "--name", "parent", "-v", "/test:/test:ro", "busybox", "true") 488 if _, err := runCommand(cmd); err != nil { 489 c.Fatal(err) 490 } 491 // Expect this "rw" mode to be be ignored since the inherited volume is "ro" 492 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent:rw", "busybox", "touch", "/test/file") 493 if _, err := runCommand(cmd); err == nil { 494 c.Fatal("Expected volumes-from to inherit read-only volume even when passing in `rw`") 495 } 496 497 cmd = exec.Command(dockerBinary, "run", "--name", "parent2", "-v", "/test:/test:ro", "busybox", "true") 498 if _, err := runCommand(cmd); err != nil { 499 c.Fatal(err) 500 } 501 // Expect this to be read-only since both are "ro" 502 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent2:ro", "busybox", "touch", "/test/file") 503 if _, err := runCommand(cmd); err == nil { 504 c.Fatal("Expected volumes-from to inherit read-only volume even when passing in `ro`") 505 } 506 } 507 508 // Test for GH#10618 509 func (s *DockerSuite) TestRunNoDupVolumes(c *check.C) { 510 mountstr1 := randomUnixTmpDirPath("test1") + ":/someplace" 511 mountstr2 := randomUnixTmpDirPath("test2") + ":/someplace" 512 513 cmd := exec.Command(dockerBinary, "run", "-v", mountstr1, "-v", mountstr2, "busybox", "true") 514 if out, _, err := runCommandWithOutput(cmd); err == nil { 515 c.Fatal("Expected error about duplicate volume definitions") 516 } else { 517 if !strings.Contains(out, "Duplicate bind mount") { 518 c.Fatalf("Expected 'duplicate volume' error, got %v", err) 519 } 520 } 521 } 522 523 // Test for #1351 524 func (s *DockerSuite) TestRunApplyVolumesFromBeforeVolumes(c *check.C) { 525 cmd := exec.Command(dockerBinary, "run", "--name", "parent", "-v", "/test", "busybox", "touch", "/test/foo") 526 if _, err := runCommand(cmd); err != nil { 527 c.Fatal(err) 528 } 529 530 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent", "-v", "/test", "busybox", "cat", "/test/foo") 531 if out, _, err := runCommandWithOutput(cmd); err != nil { 532 c.Fatal(out, err) 533 } 534 } 535 536 func (s *DockerSuite) TestRunMultipleVolumesFrom(c *check.C) { 537 cmd := exec.Command(dockerBinary, "run", "--name", "parent1", "-v", "/test", "busybox", "touch", "/test/foo") 538 if _, err := runCommand(cmd); err != nil { 539 c.Fatal(err) 540 } 541 542 cmd = exec.Command(dockerBinary, "run", "--name", "parent2", "-v", "/other", "busybox", "touch", "/other/bar") 543 if _, err := runCommand(cmd); err != nil { 544 c.Fatal(err) 545 } 546 547 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent1", "--volumes-from", "parent2", 548 "busybox", "sh", "-c", "cat /test/foo && cat /other/bar") 549 if _, err := runCommand(cmd); err != nil { 550 c.Fatal(err) 551 } 552 } 553 554 // this tests verifies the ID format for the container 555 func (s *DockerSuite) TestRunVerifyContainerID(c *check.C) { 556 cmd := exec.Command(dockerBinary, "run", "-d", "busybox", "true") 557 out, exit, err := runCommandWithOutput(cmd) 558 if err != nil { 559 c.Fatal(err) 560 } 561 if exit != 0 { 562 c.Fatalf("expected exit code 0 received %d", exit) 563 } 564 match, err := regexp.MatchString("^[0-9a-f]{64}$", strings.TrimSuffix(out, "\n")) 565 if err != nil { 566 c.Fatal(err) 567 } 568 if !match { 569 c.Fatalf("Invalid container ID: %s", out) 570 } 571 } 572 573 // Test that creating a container with a volume doesn't crash. Regression test for #995. 574 func (s *DockerSuite) TestRunCreateVolume(c *check.C) { 575 cmd := exec.Command(dockerBinary, "run", "-v", "/var/lib/data", "busybox", "true") 576 if _, err := runCommand(cmd); err != nil { 577 c.Fatal(err) 578 } 579 } 580 581 // Test that creating a volume with a symlink in its path works correctly. Test for #5152. 582 // Note that this bug happens only with symlinks with a target that starts with '/'. 583 func (s *DockerSuite) TestRunCreateVolumeWithSymlink(c *check.C) { 584 image := "docker-test-createvolumewithsymlink" 585 586 buildCmd := exec.Command(dockerBinary, "build", "-t", image, "-") 587 buildCmd.Stdin = strings.NewReader(`FROM busybox 588 RUN ln -s home /bar`) 589 buildCmd.Dir = workingDirectory 590 err := buildCmd.Run() 591 if err != nil { 592 c.Fatalf("could not build '%s': %v", image, err) 593 } 594 595 cmd := exec.Command(dockerBinary, "run", "-v", "/bar/foo", "--name", "test-createvolumewithsymlink", image, "sh", "-c", "mount | grep -q /home/foo") 596 exitCode, err := runCommand(cmd) 597 if err != nil || exitCode != 0 { 598 c.Fatalf("[run] err: %v, exitcode: %d", err, exitCode) 599 } 600 601 var volPath string 602 cmd = exec.Command(dockerBinary, "inspect", "-f", "{{range .Volumes}}{{.}}{{end}}", "test-createvolumewithsymlink") 603 volPath, exitCode, err = runCommandWithOutput(cmd) 604 if err != nil || exitCode != 0 { 605 c.Fatalf("[inspect] err: %v, exitcode: %d", err, exitCode) 606 } 607 608 cmd = exec.Command(dockerBinary, "rm", "-v", "test-createvolumewithsymlink") 609 exitCode, err = runCommand(cmd) 610 if err != nil || exitCode != 0 { 611 c.Fatalf("[rm] err: %v, exitcode: %d", err, exitCode) 612 } 613 614 f, err := os.Open(volPath) 615 defer f.Close() 616 if !os.IsNotExist(err) { 617 c.Fatalf("[open] (expecting 'file does not exist' error) err: %v, volPath: %s", err, volPath) 618 } 619 } 620 621 // Tests that a volume path that has a symlink exists in a container mounting it with `--volumes-from`. 622 func (s *DockerSuite) TestRunVolumesFromSymlinkPath(c *check.C) { 623 name := "docker-test-volumesfromsymlinkpath" 624 625 buildCmd := exec.Command(dockerBinary, "build", "-t", name, "-") 626 buildCmd.Stdin = strings.NewReader(`FROM busybox 627 RUN ln -s home /foo 628 VOLUME ["/foo/bar"]`) 629 buildCmd.Dir = workingDirectory 630 err := buildCmd.Run() 631 if err != nil { 632 c.Fatalf("could not build 'docker-test-volumesfromsymlinkpath': %v", err) 633 } 634 635 cmd := exec.Command(dockerBinary, "run", "--name", "test-volumesfromsymlinkpath", name) 636 exitCode, err := runCommand(cmd) 637 if err != nil || exitCode != 0 { 638 c.Fatalf("[run] (volume) err: %v, exitcode: %d", err, exitCode) 639 } 640 641 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "test-volumesfromsymlinkpath", "busybox", "sh", "-c", "ls /foo | grep -q bar") 642 exitCode, err = runCommand(cmd) 643 if err != nil || exitCode != 0 { 644 c.Fatalf("[run] err: %v, exitcode: %d", err, exitCode) 645 } 646 } 647 648 func (s *DockerSuite) TestRunExitCode(c *check.C) { 649 cmd := exec.Command(dockerBinary, "run", "busybox", "/bin/sh", "-c", "exit 72") 650 651 exit, err := runCommand(cmd) 652 if err == nil { 653 c.Fatal("should not have a non nil error") 654 } 655 if exit != 72 { 656 c.Fatalf("expected exit code 72 received %d", exit) 657 } 658 } 659 660 func (s *DockerSuite) TestRunUserDefaultsToRoot(c *check.C) { 661 cmd := exec.Command(dockerBinary, "run", "busybox", "id") 662 out, _, err := runCommandWithOutput(cmd) 663 if err != nil { 664 c.Fatal(err, out) 665 } 666 if !strings.Contains(out, "uid=0(root) gid=0(root)") { 667 c.Fatalf("expected root user got %s", out) 668 } 669 } 670 671 func (s *DockerSuite) TestRunUserByName(c *check.C) { 672 cmd := exec.Command(dockerBinary, "run", "-u", "root", "busybox", "id") 673 out, _, err := runCommandWithOutput(cmd) 674 if err != nil { 675 c.Fatal(err, out) 676 } 677 if !strings.Contains(out, "uid=0(root) gid=0(root)") { 678 c.Fatalf("expected root user got %s", out) 679 } 680 } 681 682 func (s *DockerSuite) TestRunUserByID(c *check.C) { 683 cmd := exec.Command(dockerBinary, "run", "-u", "1", "busybox", "id") 684 out, _, err := runCommandWithOutput(cmd) 685 if err != nil { 686 c.Fatal(err, out) 687 } 688 if !strings.Contains(out, "uid=1(daemon) gid=1(daemon)") { 689 c.Fatalf("expected daemon user got %s", out) 690 } 691 } 692 693 func (s *DockerSuite) TestRunUserByIDBig(c *check.C) { 694 cmd := exec.Command(dockerBinary, "run", "-u", "2147483648", "busybox", "id") 695 out, _, err := runCommandWithOutput(cmd) 696 if err == nil { 697 c.Fatal("No error, but must be.", out) 698 } 699 if !strings.Contains(out, "Uids and gids must be in range") { 700 c.Fatalf("expected error about uids range, got %s", out) 701 } 702 } 703 704 func (s *DockerSuite) TestRunUserByIDNegative(c *check.C) { 705 cmd := exec.Command(dockerBinary, "run", "-u", "-1", "busybox", "id") 706 out, _, err := runCommandWithOutput(cmd) 707 if err == nil { 708 c.Fatal("No error, but must be.", out) 709 } 710 if !strings.Contains(out, "Uids and gids must be in range") { 711 c.Fatalf("expected error about uids range, got %s", out) 712 } 713 } 714 715 func (s *DockerSuite) TestRunUserByIDZero(c *check.C) { 716 cmd := exec.Command(dockerBinary, "run", "-u", "0", "busybox", "id") 717 out, _, err := runCommandWithOutput(cmd) 718 if err != nil { 719 c.Fatal(err, out) 720 } 721 if !strings.Contains(out, "uid=0(root) gid=0(root) groups=10(wheel)") { 722 c.Fatalf("expected daemon user got %s", out) 723 } 724 } 725 726 func (s *DockerSuite) TestRunUserNotFound(c *check.C) { 727 cmd := exec.Command(dockerBinary, "run", "-u", "notme", "busybox", "id") 728 _, err := runCommand(cmd) 729 if err == nil { 730 c.Fatal("unknown user should cause container to fail") 731 } 732 } 733 734 func (s *DockerSuite) TestRunTwoConcurrentContainers(c *check.C) { 735 group := sync.WaitGroup{} 736 group.Add(2) 737 738 errChan := make(chan error, 2) 739 for i := 0; i < 2; i++ { 740 go func() { 741 defer group.Done() 742 cmd := exec.Command(dockerBinary, "run", "busybox", "sleep", "2") 743 _, err := runCommand(cmd) 744 errChan <- err 745 }() 746 } 747 748 group.Wait() 749 close(errChan) 750 751 for err := range errChan { 752 c.Assert(err, check.IsNil) 753 } 754 } 755 756 func (s *DockerSuite) TestRunEnvironment(c *check.C) { 757 cmd := exec.Command(dockerBinary, "run", "-h", "testing", "-e=FALSE=true", "-e=TRUE", "-e=TRICKY", "-e=HOME=", "busybox", "env") 758 cmd.Env = append(os.Environ(), 759 "TRUE=false", 760 "TRICKY=tri\ncky\n", 761 ) 762 763 out, _, err := runCommandWithOutput(cmd) 764 if err != nil { 765 c.Fatal(err, out) 766 } 767 768 actualEnvLxc := strings.Split(strings.TrimSpace(out), "\n") 769 actualEnv := []string{} 770 for i := range actualEnvLxc { 771 if actualEnvLxc[i] != "container=lxc" { 772 actualEnv = append(actualEnv, actualEnvLxc[i]) 773 } 774 } 775 sort.Strings(actualEnv) 776 777 goodEnv := []string{ 778 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 779 "HOSTNAME=testing", 780 "FALSE=true", 781 "TRUE=false", 782 "TRICKY=tri", 783 "cky", 784 "", 785 "HOME=/root", 786 } 787 sort.Strings(goodEnv) 788 if len(goodEnv) != len(actualEnv) { 789 c.Fatalf("Wrong environment: should be %d variables, not: %q\n", len(goodEnv), strings.Join(actualEnv, ", ")) 790 } 791 for i := range goodEnv { 792 if actualEnv[i] != goodEnv[i] { 793 c.Fatalf("Wrong environment variable: should be %s, not %s", goodEnv[i], actualEnv[i]) 794 } 795 } 796 } 797 798 func (s *DockerSuite) TestRunEnvironmentErase(c *check.C) { 799 // Test to make sure that when we use -e on env vars that are 800 // not set in our local env that they're removed (if present) in 801 // the container 802 803 cmd := exec.Command(dockerBinary, "run", "-e", "FOO", "-e", "HOSTNAME", "busybox", "env") 804 cmd.Env = appendBaseEnv([]string{}) 805 806 out, _, err := runCommandWithOutput(cmd) 807 if err != nil { 808 c.Fatal(err, out) 809 } 810 811 actualEnvLxc := strings.Split(strings.TrimSpace(out), "\n") 812 actualEnv := []string{} 813 for i := range actualEnvLxc { 814 if actualEnvLxc[i] != "container=lxc" { 815 actualEnv = append(actualEnv, actualEnvLxc[i]) 816 } 817 } 818 sort.Strings(actualEnv) 819 820 goodEnv := []string{ 821 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 822 "HOME=/root", 823 } 824 sort.Strings(goodEnv) 825 if len(goodEnv) != len(actualEnv) { 826 c.Fatalf("Wrong environment: should be %d variables, not: %q\n", len(goodEnv), strings.Join(actualEnv, ", ")) 827 } 828 for i := range goodEnv { 829 if actualEnv[i] != goodEnv[i] { 830 c.Fatalf("Wrong environment variable: should be %s, not %s", goodEnv[i], actualEnv[i]) 831 } 832 } 833 } 834 835 func (s *DockerSuite) TestRunEnvironmentOverride(c *check.C) { 836 // Test to make sure that when we use -e on env vars that are 837 // already in the env that we're overriding them 838 839 cmd := exec.Command(dockerBinary, "run", "-e", "HOSTNAME", "-e", "HOME=/root2", "busybox", "env") 840 cmd.Env = appendBaseEnv([]string{"HOSTNAME=bar"}) 841 842 out, _, err := runCommandWithOutput(cmd) 843 if err != nil { 844 c.Fatal(err, out) 845 } 846 847 actualEnvLxc := strings.Split(strings.TrimSpace(out), "\n") 848 actualEnv := []string{} 849 for i := range actualEnvLxc { 850 if actualEnvLxc[i] != "container=lxc" { 851 actualEnv = append(actualEnv, actualEnvLxc[i]) 852 } 853 } 854 sort.Strings(actualEnv) 855 856 goodEnv := []string{ 857 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 858 "HOME=/root2", 859 "HOSTNAME=bar", 860 } 861 sort.Strings(goodEnv) 862 if len(goodEnv) != len(actualEnv) { 863 c.Fatalf("Wrong environment: should be %d variables, not: %q\n", len(goodEnv), strings.Join(actualEnv, ", ")) 864 } 865 for i := range goodEnv { 866 if actualEnv[i] != goodEnv[i] { 867 c.Fatalf("Wrong environment variable: should be %s, not %s", goodEnv[i], actualEnv[i]) 868 } 869 } 870 } 871 872 func (s *DockerSuite) TestRunContainerNetwork(c *check.C) { 873 cmd := exec.Command(dockerBinary, "run", "busybox", "ping", "-c", "1", "127.0.0.1") 874 if _, err := runCommand(cmd); err != nil { 875 c.Fatal(err) 876 } 877 } 878 879 // Issue #4681 880 func (s *DockerSuite) TestRunLoopbackWhenNetworkDisabled(c *check.C) { 881 cmd := exec.Command(dockerBinary, "run", "--net=none", "busybox", "ping", "-c", "1", "127.0.0.1") 882 if _, err := runCommand(cmd); err != nil { 883 c.Fatal(err) 884 } 885 } 886 887 func (s *DockerSuite) TestRunNetHostNotAllowedWithLinks(c *check.C) { 888 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "--name", "linked", "busybox", "true")) 889 if err != nil { 890 c.Fatalf("Failed with errors: %s, %v", out, err) 891 } 892 cmd := exec.Command(dockerBinary, "run", "--net=host", "--link", "linked:linked", "busybox", "true") 893 _, _, err = runCommandWithOutput(cmd) 894 if err == nil { 895 c.Fatal("Expected error") 896 } 897 } 898 899 func (s *DockerSuite) TestRunLoopbackOnlyExistsWhenNetworkingDisabled(c *check.C) { 900 cmd := exec.Command(dockerBinary, "run", "--net=none", "busybox", "ip", "-o", "-4", "a", "show", "up") 901 out, _, err := runCommandWithOutput(cmd) 902 if err != nil { 903 c.Fatal(err, out) 904 } 905 906 var ( 907 count = 0 908 parts = strings.Split(out, "\n") 909 ) 910 911 for _, l := range parts { 912 if l != "" { 913 count++ 914 } 915 } 916 917 if count != 1 { 918 c.Fatalf("Wrong interface count in container %d", count) 919 } 920 921 if !strings.HasPrefix(out, "1: lo") { 922 c.Fatalf("Wrong interface in test container: expected [1: lo], got %s", out) 923 } 924 } 925 926 // #7851 hostname outside container shows FQDN, inside only shortname 927 // For testing purposes it is not required to set host's hostname directly 928 // and use "--net=host" (as the original issue submitter did), as the same 929 // codepath is executed with "docker run -h <hostname>". Both were manually 930 // tested, but this testcase takes the simpler path of using "run -h .." 931 func (s *DockerSuite) TestRunFullHostnameSet(c *check.C) { 932 cmd := exec.Command(dockerBinary, "run", "-h", "foo.bar.baz", "busybox", "hostname") 933 out, _, err := runCommandWithOutput(cmd) 934 if err != nil { 935 c.Fatal(err, out) 936 } 937 938 if actual := strings.Trim(out, "\r\n"); actual != "foo.bar.baz" { 939 c.Fatalf("expected hostname 'foo.bar.baz', received %s", actual) 940 } 941 } 942 943 func (s *DockerSuite) TestRunPrivilegedCanMknod(c *check.C) { 944 cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok") 945 out, _, err := runCommandWithOutput(cmd) 946 if err != nil { 947 c.Fatal(err) 948 } 949 950 if actual := strings.Trim(out, "\r\n"); actual != "ok" { 951 c.Fatalf("expected output ok received %s", actual) 952 } 953 } 954 955 func (s *DockerSuite) TestRunUnprivilegedCanMknod(c *check.C) { 956 cmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok") 957 out, _, err := runCommandWithOutput(cmd) 958 if err != nil { 959 c.Fatal(err) 960 } 961 962 if actual := strings.Trim(out, "\r\n"); actual != "ok" { 963 c.Fatalf("expected output ok received %s", actual) 964 } 965 } 966 967 func (s *DockerSuite) TestRunCapDropInvalid(c *check.C) { 968 cmd := exec.Command(dockerBinary, "run", "--cap-drop=CHPASS", "busybox", "ls") 969 out, _, err := runCommandWithOutput(cmd) 970 if err == nil { 971 c.Fatal(err, out) 972 } 973 } 974 975 func (s *DockerSuite) TestRunCapDropCannotMknod(c *check.C) { 976 cmd := exec.Command(dockerBinary, "run", "--cap-drop=MKNOD", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok") 977 out, _, err := runCommandWithOutput(cmd) 978 if err == nil { 979 c.Fatal(err, out) 980 } 981 982 if actual := strings.Trim(out, "\r\n"); actual == "ok" { 983 c.Fatalf("expected output not ok received %s", actual) 984 } 985 } 986 987 func (s *DockerSuite) TestRunCapDropCannotMknodLowerCase(c *check.C) { 988 cmd := exec.Command(dockerBinary, "run", "--cap-drop=mknod", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok") 989 out, _, err := runCommandWithOutput(cmd) 990 if err == nil { 991 c.Fatal(err, out) 992 } 993 994 if actual := strings.Trim(out, "\r\n"); actual == "ok" { 995 c.Fatalf("expected output not ok received %s", actual) 996 } 997 } 998 999 func (s *DockerSuite) TestRunCapDropALLCannotMknod(c *check.C) { 1000 cmd := exec.Command(dockerBinary, "run", "--cap-drop=ALL", "--cap-add=SETGID", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok") 1001 out, _, err := runCommandWithOutput(cmd) 1002 if err == nil { 1003 c.Fatal(err, out) 1004 } 1005 1006 if actual := strings.Trim(out, "\r\n"); actual == "ok" { 1007 c.Fatalf("expected output not ok received %s", actual) 1008 } 1009 } 1010 1011 func (s *DockerSuite) TestRunCapDropALLAddMknodCanMknod(c *check.C) { 1012 cmd := exec.Command(dockerBinary, "run", "--cap-drop=ALL", "--cap-add=MKNOD", "--cap-add=SETGID", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok") 1013 out, _, err := runCommandWithOutput(cmd) 1014 if err != nil { 1015 c.Fatal(err, out) 1016 } 1017 1018 if actual := strings.Trim(out, "\r\n"); actual != "ok" { 1019 c.Fatalf("expected output ok received %s", actual) 1020 } 1021 } 1022 1023 func (s *DockerSuite) TestRunCapAddInvalid(c *check.C) { 1024 cmd := exec.Command(dockerBinary, "run", "--cap-add=CHPASS", "busybox", "ls") 1025 out, _, err := runCommandWithOutput(cmd) 1026 if err == nil { 1027 c.Fatal(err, out) 1028 } 1029 } 1030 1031 func (s *DockerSuite) TestRunCapAddCanDownInterface(c *check.C) { 1032 cmd := exec.Command(dockerBinary, "run", "--cap-add=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok") 1033 out, _, err := runCommandWithOutput(cmd) 1034 if err != nil { 1035 c.Fatal(err, out) 1036 } 1037 1038 if actual := strings.Trim(out, "\r\n"); actual != "ok" { 1039 c.Fatalf("expected output ok received %s", actual) 1040 } 1041 } 1042 1043 func (s *DockerSuite) TestRunCapAddALLCanDownInterface(c *check.C) { 1044 cmd := exec.Command(dockerBinary, "run", "--cap-add=ALL", "busybox", "sh", "-c", "ip link set eth0 down && echo ok") 1045 out, _, err := runCommandWithOutput(cmd) 1046 if err != nil { 1047 c.Fatal(err, out) 1048 } 1049 1050 if actual := strings.Trim(out, "\r\n"); actual != "ok" { 1051 c.Fatalf("expected output ok received %s", actual) 1052 } 1053 } 1054 1055 func (s *DockerSuite) TestRunCapAddALLDropNetAdminCanDownInterface(c *check.C) { 1056 cmd := exec.Command(dockerBinary, "run", "--cap-add=ALL", "--cap-drop=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok") 1057 out, _, err := runCommandWithOutput(cmd) 1058 if err == nil { 1059 c.Fatal(err, out) 1060 } 1061 1062 if actual := strings.Trim(out, "\r\n"); actual == "ok" { 1063 c.Fatalf("expected output not ok received %s", actual) 1064 } 1065 } 1066 1067 func (s *DockerSuite) TestRunPrivilegedCanMount(c *check.C) { 1068 cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok") 1069 out, _, err := runCommandWithOutput(cmd) 1070 if err != nil { 1071 c.Fatal(err) 1072 } 1073 1074 if actual := strings.Trim(out, "\r\n"); actual != "ok" { 1075 c.Fatalf("expected output ok received %s", actual) 1076 } 1077 } 1078 1079 func (s *DockerSuite) TestRunUnprivilegedCannotMount(c *check.C) { 1080 cmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok") 1081 out, _, err := runCommandWithOutput(cmd) 1082 if err == nil { 1083 c.Fatal(err, out) 1084 } 1085 1086 if actual := strings.Trim(out, "\r\n"); actual == "ok" { 1087 c.Fatalf("expected output not ok received %s", actual) 1088 } 1089 } 1090 1091 func (s *DockerSuite) TestRunSysNotWritableInNonPrivilegedContainers(c *check.C) { 1092 cmd := exec.Command(dockerBinary, "run", "busybox", "touch", "/sys/kernel/profiling") 1093 if code, err := runCommand(cmd); err == nil || code == 0 { 1094 c.Fatal("sys should not be writable in a non privileged container") 1095 } 1096 } 1097 1098 func (s *DockerSuite) TestRunSysWritableInPrivilegedContainers(c *check.C) { 1099 cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "touch", "/sys/kernel/profiling") 1100 if code, err := runCommand(cmd); err != nil || code != 0 { 1101 c.Fatalf("sys should be writable in privileged container") 1102 } 1103 } 1104 1105 func (s *DockerSuite) TestRunProcNotWritableInNonPrivilegedContainers(c *check.C) { 1106 cmd := exec.Command(dockerBinary, "run", "busybox", "touch", "/proc/sysrq-trigger") 1107 if code, err := runCommand(cmd); err == nil || code == 0 { 1108 c.Fatal("proc should not be writable in a non privileged container") 1109 } 1110 } 1111 1112 func (s *DockerSuite) TestRunProcWritableInPrivilegedContainers(c *check.C) { 1113 cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "touch", "/proc/sysrq-trigger") 1114 if code, err := runCommand(cmd); err != nil || code != 0 { 1115 c.Fatalf("proc should be writable in privileged container") 1116 } 1117 } 1118 1119 func (s *DockerSuite) TestRunWithCpuPeriod(c *check.C) { 1120 runCmd := exec.Command(dockerBinary, "run", "--cpu-period", "50000", "--name", "test", "busybox", "true") 1121 out, _, _, err := runCommandWithStdoutStderr(runCmd) 1122 if err != nil { 1123 c.Fatalf("failed to run container: %v, output: %q", err, out) 1124 } 1125 out = strings.TrimSpace(out) 1126 if strings.Contains(out, "Your kernel does not support CPU cfs period") { 1127 c.Skip("Your kernel does not support CPU cfs period, skip this test") 1128 } 1129 1130 out, err = inspectField("test", "HostConfig.CpuPeriod") 1131 c.Assert(err, check.IsNil) 1132 if out != "50000" { 1133 c.Errorf("setting the CPU CFS period failed") 1134 } 1135 } 1136 1137 func (s *DockerSuite) TestRunWithCpuset(c *check.C) { 1138 cmd := exec.Command(dockerBinary, "run", "--cpuset", "0", "busybox", "true") 1139 if code, err := runCommand(cmd); err != nil || code != 0 { 1140 c.Fatalf("container should run successfully with cpuset of 0: %s", err) 1141 } 1142 } 1143 1144 func (s *DockerSuite) TestRunWithCpusetCpus(c *check.C) { 1145 cmd := exec.Command(dockerBinary, "run", "--cpuset-cpus", "0", "busybox", "true") 1146 if code, err := runCommand(cmd); err != nil || code != 0 { 1147 c.Fatalf("container should run successfully with cpuset-cpus of 0: %s", err) 1148 } 1149 } 1150 1151 func (s *DockerSuite) TestRunWithCpusetMems(c *check.C) { 1152 cmd := exec.Command(dockerBinary, "run", "--cpuset-mems", "0", "busybox", "true") 1153 if code, err := runCommand(cmd); err != nil || code != 0 { 1154 c.Fatalf("container should run successfully with cpuset-mems of 0: %s", err) 1155 } 1156 } 1157 1158 func (s *DockerSuite) TestRunWithBlkioWeight(c *check.C) { 1159 cmd := exec.Command(dockerBinary, "run", "--blkio-weight", "300", "busybox", "true") 1160 if code, err := runCommand(cmd); err != nil || code != 0 { 1161 c.Fatalf("container should run successfully with blkio-weight of 300: %s", err) 1162 } 1163 } 1164 1165 func (s *DockerSuite) TestRunWithBlkioInvalidWeight(c *check.C) { 1166 cmd := exec.Command(dockerBinary, "run", "--blkio-weight", "5", "busybox", "true") 1167 if _, err := runCommand(cmd); err == nil { 1168 c.Fatalf("run with invalid blkio-weight should failed") 1169 } 1170 } 1171 1172 func (s *DockerSuite) TestRunDeviceNumbers(c *check.C) { 1173 cmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "ls -l /dev/null") 1174 out, _, err := runCommandWithOutput(cmd) 1175 if err != nil { 1176 c.Fatal(err, out) 1177 } 1178 deviceLineFields := strings.Fields(out) 1179 deviceLineFields[6] = "" 1180 deviceLineFields[7] = "" 1181 deviceLineFields[8] = "" 1182 expected := []string{"crw-rw-rw-", "1", "root", "root", "1,", "3", "", "", "", "/dev/null"} 1183 1184 if !(reflect.DeepEqual(deviceLineFields, expected)) { 1185 c.Fatalf("expected output\ncrw-rw-rw- 1 root root 1, 3 May 24 13:29 /dev/null\n received\n %s\n", out) 1186 } 1187 } 1188 1189 func (s *DockerSuite) TestRunThatCharacterDevicesActLikeCharacterDevices(c *check.C) { 1190 cmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "dd if=/dev/zero of=/zero bs=1k count=5 2> /dev/null ; du -h /zero") 1191 out, _, err := runCommandWithOutput(cmd) 1192 if err != nil { 1193 c.Fatal(err, out) 1194 } 1195 1196 if actual := strings.Trim(out, "\r\n"); actual[0] == '0' { 1197 c.Fatalf("expected a new file called /zero to be create that is greater than 0 bytes long, but du says: %s", actual) 1198 } 1199 } 1200 1201 func (s *DockerSuite) TestRunUnprivilegedWithChroot(c *check.C) { 1202 cmd := exec.Command(dockerBinary, "run", "busybox", "chroot", "/", "true") 1203 if _, err := runCommand(cmd); err != nil { 1204 c.Fatal(err) 1205 } 1206 } 1207 1208 func (s *DockerSuite) TestRunAddingOptionalDevices(c *check.C) { 1209 cmd := exec.Command(dockerBinary, "run", "--device", "/dev/zero:/dev/nulo", "busybox", "sh", "-c", "ls /dev/nulo") 1210 out, _, err := runCommandWithOutput(cmd) 1211 if err != nil { 1212 c.Fatal(err, out) 1213 } 1214 1215 if actual := strings.Trim(out, "\r\n"); actual != "/dev/nulo" { 1216 c.Fatalf("expected output /dev/nulo, received %s", actual) 1217 } 1218 } 1219 1220 func (s *DockerSuite) TestRunModeHostname(c *check.C) { 1221 testRequires(c, SameHostDaemon) 1222 1223 cmd := exec.Command(dockerBinary, "run", "-h=testhostname", "busybox", "cat", "/etc/hostname") 1224 out, _, err := runCommandWithOutput(cmd) 1225 if err != nil { 1226 c.Fatal(err, out) 1227 } 1228 1229 if actual := strings.Trim(out, "\r\n"); actual != "testhostname" { 1230 c.Fatalf("expected 'testhostname', but says: %q", actual) 1231 } 1232 1233 cmd = exec.Command(dockerBinary, "run", "--net=host", "busybox", "cat", "/etc/hostname") 1234 1235 out, _, err = runCommandWithOutput(cmd) 1236 if err != nil { 1237 c.Fatal(err, out) 1238 } 1239 hostname, err := os.Hostname() 1240 if err != nil { 1241 c.Fatal(err) 1242 } 1243 if actual := strings.Trim(out, "\r\n"); actual != hostname { 1244 c.Fatalf("expected %q, but says: %q", hostname, actual) 1245 } 1246 } 1247 1248 func (s *DockerSuite) TestRunRootWorkdir(c *check.C) { 1249 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "--workdir", "/", "busybox", "pwd")) 1250 if err != nil { 1251 c.Fatalf("Failed with errors: %s, %v", out, err) 1252 } 1253 if out != "/\n" { 1254 c.Fatalf("pwd returned %q (expected /\\n)", s) 1255 } 1256 } 1257 1258 func (s *DockerSuite) TestRunAllowBindMountingRoot(c *check.C) { 1259 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "-v", "/:/host", "busybox", "ls", "/host")) 1260 if err != nil { 1261 c.Fatalf("Failed with errors: %s, %v", out, err) 1262 } 1263 } 1264 1265 func (s *DockerSuite) TestRunDisallowBindMountingRootToRoot(c *check.C) { 1266 cmd := exec.Command(dockerBinary, "run", "-v", "/:/", "busybox", "ls", "/host") 1267 out, _, err := runCommandWithOutput(cmd) 1268 if err == nil { 1269 c.Fatal(out, err) 1270 } 1271 } 1272 1273 // Verify that a container gets default DNS when only localhost resolvers exist 1274 func (s *DockerSuite) TestRunDnsDefaultOptions(c *check.C) { 1275 testRequires(c, SameHostDaemon) 1276 1277 // preserve original resolv.conf for restoring after test 1278 origResolvConf, err := ioutil.ReadFile("/etc/resolv.conf") 1279 if os.IsNotExist(err) { 1280 c.Fatalf("/etc/resolv.conf does not exist") 1281 } 1282 // defer restored original conf 1283 defer func() { 1284 if err := ioutil.WriteFile("/etc/resolv.conf", origResolvConf, 0644); err != nil { 1285 c.Fatal(err) 1286 } 1287 }() 1288 1289 // test 3 cases: standard IPv4 localhost, commented out localhost, and IPv6 localhost 1290 // 2 are removed from the file at container start, and the 3rd (commented out) one is ignored by 1291 // GetNameservers(), leading to a replacement of nameservers with the default set 1292 tmpResolvConf := []byte("nameserver 127.0.0.1\n#nameserver 127.0.2.1\nnameserver ::1") 1293 if err := ioutil.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil { 1294 c.Fatal(err) 1295 } 1296 1297 cmd := exec.Command(dockerBinary, "run", "busybox", "cat", "/etc/resolv.conf") 1298 1299 actual, _, err := runCommandWithOutput(cmd) 1300 if err != nil { 1301 c.Fatal(err, actual) 1302 } 1303 1304 // check that the actual defaults are appended to the commented out 1305 // localhost resolver (which should be preserved) 1306 // NOTE: if we ever change the defaults from google dns, this will break 1307 expected := "#nameserver 127.0.2.1\n\nnameserver 8.8.8.8\nnameserver 8.8.4.4" 1308 if actual != expected { 1309 c.Fatalf("expected resolv.conf be: %q, but was: %q", expected, actual) 1310 } 1311 } 1312 1313 func (s *DockerSuite) TestRunDnsOptions(c *check.C) { 1314 cmd := exec.Command(dockerBinary, "run", "--dns=127.0.0.1", "--dns-search=mydomain", "busybox", "cat", "/etc/resolv.conf") 1315 1316 out, stderr, _, err := runCommandWithStdoutStderr(cmd) 1317 if err != nil { 1318 c.Fatal(err, out) 1319 } 1320 1321 // The client will get a warning on stderr when setting DNS to a localhost address; verify this: 1322 if !strings.Contains(stderr, "Localhost DNS setting") { 1323 c.Fatalf("Expected warning on stderr about localhost resolver, but got %q", stderr) 1324 } 1325 1326 actual := strings.Replace(strings.Trim(out, "\r\n"), "\n", " ", -1) 1327 if actual != "nameserver 127.0.0.1 search mydomain" { 1328 c.Fatalf("expected 'nameserver 127.0.0.1 search mydomain', but says: %q", actual) 1329 } 1330 1331 cmd = exec.Command(dockerBinary, "run", "--dns=127.0.0.1", "--dns-search=.", "busybox", "cat", "/etc/resolv.conf") 1332 1333 out, _, _, err = runCommandWithStdoutStderr(cmd) 1334 if err != nil { 1335 c.Fatal(err, out) 1336 } 1337 1338 actual = strings.Replace(strings.Trim(strings.Trim(out, "\r\n"), " "), "\n", " ", -1) 1339 if actual != "nameserver 127.0.0.1" { 1340 c.Fatalf("expected 'nameserver 127.0.0.1', but says: %q", actual) 1341 } 1342 } 1343 1344 func (s *DockerSuite) TestRunDnsOptionsBasedOnHostResolvConf(c *check.C) { 1345 testRequires(c, SameHostDaemon) 1346 1347 origResolvConf, err := ioutil.ReadFile("/etc/resolv.conf") 1348 if os.IsNotExist(err) { 1349 c.Fatalf("/etc/resolv.conf does not exist") 1350 } 1351 1352 hostNamservers := resolvconf.GetNameservers(origResolvConf) 1353 hostSearch := resolvconf.GetSearchDomains(origResolvConf) 1354 1355 var out string 1356 cmd := exec.Command(dockerBinary, "run", "--dns=127.0.0.1", "busybox", "cat", "/etc/resolv.conf") 1357 if out, _, _, err = runCommandWithStdoutStderr(cmd); err != nil { 1358 c.Fatal(err, out) 1359 } 1360 1361 if actualNameservers := resolvconf.GetNameservers([]byte(out)); string(actualNameservers[0]) != "127.0.0.1" { 1362 c.Fatalf("expected '127.0.0.1', but says: %q", string(actualNameservers[0])) 1363 } 1364 1365 actualSearch := resolvconf.GetSearchDomains([]byte(out)) 1366 if len(actualSearch) != len(hostSearch) { 1367 c.Fatalf("expected %q search domain(s), but it has: %q", len(hostSearch), len(actualSearch)) 1368 } 1369 for i := range actualSearch { 1370 if actualSearch[i] != hostSearch[i] { 1371 c.Fatalf("expected %q domain, but says: %q", actualSearch[i], hostSearch[i]) 1372 } 1373 } 1374 1375 cmd = exec.Command(dockerBinary, "run", "--dns-search=mydomain", "busybox", "cat", "/etc/resolv.conf") 1376 1377 if out, _, err = runCommandWithOutput(cmd); err != nil { 1378 c.Fatal(err, out) 1379 } 1380 1381 actualNameservers := resolvconf.GetNameservers([]byte(out)) 1382 if len(actualNameservers) != len(hostNamservers) { 1383 c.Fatalf("expected %q nameserver(s), but it has: %q", len(hostNamservers), len(actualNameservers)) 1384 } 1385 for i := range actualNameservers { 1386 if actualNameservers[i] != hostNamservers[i] { 1387 c.Fatalf("expected %q nameserver, but says: %q", actualNameservers[i], hostNamservers[i]) 1388 } 1389 } 1390 1391 if actualSearch = resolvconf.GetSearchDomains([]byte(out)); string(actualSearch[0]) != "mydomain" { 1392 c.Fatalf("expected 'mydomain', but says: %q", string(actualSearch[0])) 1393 } 1394 1395 // test with file 1396 tmpResolvConf := []byte("search example.com\nnameserver 12.34.56.78\nnameserver 127.0.0.1") 1397 if err := ioutil.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil { 1398 c.Fatal(err) 1399 } 1400 // put the old resolvconf back 1401 defer func() { 1402 if err := ioutil.WriteFile("/etc/resolv.conf", origResolvConf, 0644); err != nil { 1403 c.Fatal(err) 1404 } 1405 }() 1406 1407 resolvConf, err := ioutil.ReadFile("/etc/resolv.conf") 1408 if os.IsNotExist(err) { 1409 c.Fatalf("/etc/resolv.conf does not exist") 1410 } 1411 1412 hostNamservers = resolvconf.GetNameservers(resolvConf) 1413 hostSearch = resolvconf.GetSearchDomains(resolvConf) 1414 1415 cmd = exec.Command(dockerBinary, "run", "busybox", "cat", "/etc/resolv.conf") 1416 1417 if out, _, err = runCommandWithOutput(cmd); err != nil { 1418 c.Fatal(err, out) 1419 } 1420 1421 if actualNameservers = resolvconf.GetNameservers([]byte(out)); string(actualNameservers[0]) != "12.34.56.78" || len(actualNameservers) != 1 { 1422 c.Fatalf("expected '12.34.56.78', but has: %v", actualNameservers) 1423 } 1424 1425 actualSearch = resolvconf.GetSearchDomains([]byte(out)) 1426 if len(actualSearch) != len(hostSearch) { 1427 c.Fatalf("expected %q search domain(s), but it has: %q", len(hostSearch), len(actualSearch)) 1428 } 1429 for i := range actualSearch { 1430 if actualSearch[i] != hostSearch[i] { 1431 c.Fatalf("expected %q domain, but says: %q", actualSearch[i], hostSearch[i]) 1432 } 1433 } 1434 } 1435 1436 // Test to see if a non-root user can resolve a DNS name and reach out to it. Also 1437 // check if the container resolv.conf file has atleast 0644 perm. 1438 func (s *DockerSuite) TestRunNonRootUserResolvName(c *check.C) { 1439 testRequires(c, SameHostDaemon) 1440 testRequires(c, Network) 1441 1442 cmd := exec.Command(dockerBinary, "run", "--name=testperm", "--user=default", "busybox", "ping", "-c", "1", "www.docker.io") 1443 if out, err := runCommand(cmd); err != nil { 1444 c.Fatal(err, out) 1445 } 1446 1447 cID, err := getIDByName("testperm") 1448 if err != nil { 1449 c.Fatal(err) 1450 } 1451 1452 fmode := (os.FileMode)(0644) 1453 finfo, err := os.Stat(containerStorageFile(cID, "resolv.conf")) 1454 if err != nil { 1455 c.Fatal(err) 1456 } 1457 1458 if (finfo.Mode() & fmode) != fmode { 1459 c.Fatalf("Expected container resolv.conf mode to be atleast %s, instead got %s", fmode.String(), finfo.Mode().String()) 1460 } 1461 } 1462 1463 // Test if container resolv.conf gets updated the next time it restarts 1464 // if host /etc/resolv.conf has changed. This only applies if the container 1465 // uses the host's /etc/resolv.conf and does not have any dns options provided. 1466 func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) { 1467 testRequires(c, SameHostDaemon) 1468 1469 tmpResolvConf := []byte("search pommesfrites.fr\nnameserver 12.34.56.78") 1470 tmpLocalhostResolvConf := []byte("nameserver 127.0.0.1") 1471 1472 //take a copy of resolv.conf for restoring after test completes 1473 resolvConfSystem, err := ioutil.ReadFile("/etc/resolv.conf") 1474 if err != nil { 1475 c.Fatal(err) 1476 } 1477 1478 // This test case is meant to test monitoring resolv.conf when it is 1479 // a regular file not a bind mounc. So we unmount resolv.conf and replace 1480 // it with a file containing the original settings. 1481 cmd := exec.Command("umount", "/etc/resolv.conf") 1482 if _, err = runCommand(cmd); err != nil { 1483 c.Fatal(err) 1484 } 1485 1486 //cleanup 1487 defer func() { 1488 if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil { 1489 c.Fatal(err) 1490 } 1491 }() 1492 1493 //1. test that a restarting container gets an updated resolv.conf 1494 cmd = exec.Command(dockerBinary, "run", "--name='first'", "busybox", "true") 1495 if _, err := runCommand(cmd); err != nil { 1496 c.Fatal(err) 1497 } 1498 containerID1, err := getIDByName("first") 1499 if err != nil { 1500 c.Fatal(err) 1501 } 1502 1503 // replace resolv.conf with our temporary copy 1504 bytesResolvConf := []byte(tmpResolvConf) 1505 if err := ioutil.WriteFile("/etc/resolv.conf", bytesResolvConf, 0644); err != nil { 1506 c.Fatal(err) 1507 } 1508 1509 // start the container again to pickup changes 1510 cmd = exec.Command(dockerBinary, "start", "first") 1511 if out, err := runCommand(cmd); err != nil { 1512 c.Fatalf("Errored out %s, \nerror: %v", string(out), err) 1513 } 1514 1515 // check for update in container 1516 containerResolv, err := readContainerFile(containerID1, "resolv.conf") 1517 if err != nil { 1518 c.Fatal(err) 1519 } 1520 if !bytes.Equal(containerResolv, bytesResolvConf) { 1521 c.Fatalf("Restarted container does not have updated resolv.conf; expected %q, got %q", tmpResolvConf, string(containerResolv)) 1522 } 1523 1524 /* //make a change to resolv.conf (in this case replacing our tmp copy with orig copy) 1525 if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil { 1526 c.Fatal(err) 1527 } */ 1528 //2. test that a restarting container does not receive resolv.conf updates 1529 // if it modified the container copy of the starting point resolv.conf 1530 cmd = exec.Command(dockerBinary, "run", "--name='second'", "busybox", "sh", "-c", "echo 'search mylittlepony.com' >>/etc/resolv.conf") 1531 if _, err = runCommand(cmd); err != nil { 1532 c.Fatal(err) 1533 } 1534 containerID2, err := getIDByName("second") 1535 if err != nil { 1536 c.Fatal(err) 1537 } 1538 1539 //make a change to resolv.conf (in this case replacing our tmp copy with orig copy) 1540 if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil { 1541 c.Fatal(err) 1542 } 1543 1544 // start the container again 1545 cmd = exec.Command(dockerBinary, "start", "second") 1546 if out, err := runCommand(cmd); err != nil { 1547 c.Fatalf("Errored out %s, \nerror: %v", string(out), err) 1548 } 1549 1550 // check for update in container 1551 containerResolv, err = readContainerFile(containerID2, "resolv.conf") 1552 if err != nil { 1553 c.Fatal(err) 1554 } 1555 1556 if bytes.Equal(containerResolv, resolvConfSystem) { 1557 c.Fatalf("Restarting a container after container updated resolv.conf should not pick up host changes; expected %q, got %q", string(containerResolv), string(resolvConfSystem)) 1558 } 1559 1560 //3. test that a running container's resolv.conf is not modified while running 1561 cmd = exec.Command(dockerBinary, "run", "-d", "busybox", "top") 1562 out, _, err := runCommandWithOutput(cmd) 1563 if err != nil { 1564 c.Fatal(err) 1565 } 1566 runningContainerID := strings.TrimSpace(out) 1567 1568 // replace resolv.conf 1569 if err := ioutil.WriteFile("/etc/resolv.conf", bytesResolvConf, 0644); err != nil { 1570 c.Fatal(err) 1571 } 1572 1573 // check for update in container 1574 containerResolv, err = readContainerFile(runningContainerID, "resolv.conf") 1575 if err != nil { 1576 c.Fatal(err) 1577 } 1578 1579 if bytes.Equal(containerResolv, bytesResolvConf) { 1580 c.Fatalf("Running container should not have updated resolv.conf; expected %q, got %q", string(resolvConfSystem), string(containerResolv)) 1581 } 1582 1583 //4. test that a running container's resolv.conf is updated upon restart 1584 // (the above container is still running..) 1585 cmd = exec.Command(dockerBinary, "restart", runningContainerID) 1586 if _, err = runCommand(cmd); err != nil { 1587 c.Fatal(err) 1588 } 1589 1590 // check for update in container 1591 containerResolv, err = readContainerFile(runningContainerID, "resolv.conf") 1592 if err != nil { 1593 c.Fatal(err) 1594 } 1595 if !bytes.Equal(containerResolv, bytesResolvConf) { 1596 c.Fatalf("Restarted container should have updated resolv.conf; expected %q, got %q", string(bytesResolvConf), string(containerResolv)) 1597 } 1598 1599 //5. test that additions of a localhost resolver are cleaned from 1600 // host resolv.conf before updating container's resolv.conf copies 1601 1602 // replace resolv.conf with a localhost-only nameserver copy 1603 bytesResolvConf = []byte(tmpLocalhostResolvConf) 1604 if err = ioutil.WriteFile("/etc/resolv.conf", bytesResolvConf, 0644); err != nil { 1605 c.Fatal(err) 1606 } 1607 1608 // start the container again to pickup changes 1609 cmd = exec.Command(dockerBinary, "start", "first") 1610 if out, err := runCommand(cmd); err != nil { 1611 c.Fatalf("Errored out %s, \nerror: %v", string(out), err) 1612 } 1613 1614 // our first exited container ID should have been updated, but with default DNS 1615 // after the cleanup of resolv.conf found only a localhost nameserver: 1616 containerResolv, err = readContainerFile(containerID1, "resolv.conf") 1617 if err != nil { 1618 c.Fatal(err) 1619 } 1620 1621 expected := "\nnameserver 8.8.8.8\nnameserver 8.8.4.4" 1622 if !bytes.Equal(containerResolv, []byte(expected)) { 1623 c.Fatalf("Container does not have cleaned/replaced DNS in resolv.conf; expected %q, got %q", expected, string(containerResolv)) 1624 } 1625 1626 //6. Test that replacing (as opposed to modifying) resolv.conf triggers an update 1627 // of containers' resolv.conf. 1628 1629 // Restore the original resolv.conf 1630 if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil { 1631 c.Fatal(err) 1632 } 1633 1634 // Run the container so it picks up the old settings 1635 cmd = exec.Command(dockerBinary, "run", "--name='third'", "busybox", "true") 1636 if _, err := runCommand(cmd); err != nil { 1637 c.Fatal(err) 1638 } 1639 containerID3, err := getIDByName("third") 1640 if err != nil { 1641 c.Fatal(err) 1642 } 1643 1644 // Create a modified resolv.conf.aside and override resolv.conf with it 1645 bytesResolvConf = []byte(tmpResolvConf) 1646 if err := ioutil.WriteFile("/etc/resolv.conf.aside", bytesResolvConf, 0644); err != nil { 1647 c.Fatal(err) 1648 } 1649 1650 err = os.Rename("/etc/resolv.conf.aside", "/etc/resolv.conf") 1651 if err != nil { 1652 c.Fatal(err) 1653 } 1654 1655 // start the container again to pickup changes 1656 cmd = exec.Command(dockerBinary, "start", "third") 1657 if out, err := runCommand(cmd); err != nil { 1658 c.Fatalf("Errored out %s, \nerror: %v", string(out), err) 1659 } 1660 1661 // check for update in container 1662 containerResolv, err = readContainerFile(containerID3, "resolv.conf") 1663 if err != nil { 1664 c.Fatal(err) 1665 } 1666 if !bytes.Equal(containerResolv, bytesResolvConf) { 1667 c.Fatalf("Stopped container does not have updated resolv.conf; expected\n%q\n got\n%q", tmpResolvConf, string(containerResolv)) 1668 } 1669 1670 //cleanup, restore original resolv.conf happens in defer func() 1671 } 1672 1673 func (s *DockerSuite) TestRunAddHost(c *check.C) { 1674 cmd := exec.Command(dockerBinary, "run", "--add-host=extra:86.75.30.9", "busybox", "grep", "extra", "/etc/hosts") 1675 1676 out, _, err := runCommandWithOutput(cmd) 1677 if err != nil { 1678 c.Fatal(err, out) 1679 } 1680 1681 actual := strings.Trim(out, "\r\n") 1682 if actual != "86.75.30.9\textra" { 1683 c.Fatalf("expected '86.75.30.9\textra', but says: %q", actual) 1684 } 1685 } 1686 1687 // Regression test for #6983 1688 func (s *DockerSuite) TestRunAttachStdErrOnlyTTYMode(c *check.C) { 1689 cmd := exec.Command(dockerBinary, "run", "-t", "-a", "stderr", "busybox", "true") 1690 exitCode, err := runCommand(cmd) 1691 if err != nil { 1692 c.Fatal(err) 1693 } else if exitCode != 0 { 1694 c.Fatalf("Container should have exited with error code 0") 1695 } 1696 } 1697 1698 // Regression test for #6983 1699 func (s *DockerSuite) TestRunAttachStdOutOnlyTTYMode(c *check.C) { 1700 cmd := exec.Command(dockerBinary, "run", "-t", "-a", "stdout", "busybox", "true") 1701 1702 exitCode, err := runCommand(cmd) 1703 if err != nil { 1704 c.Fatal(err) 1705 } else if exitCode != 0 { 1706 c.Fatalf("Container should have exited with error code 0") 1707 } 1708 } 1709 1710 // Regression test for #6983 1711 func (s *DockerSuite) TestRunAttachStdOutAndErrTTYMode(c *check.C) { 1712 cmd := exec.Command(dockerBinary, "run", "-t", "-a", "stdout", "-a", "stderr", "busybox", "true") 1713 exitCode, err := runCommand(cmd) 1714 if err != nil { 1715 c.Fatal(err) 1716 } else if exitCode != 0 { 1717 c.Fatalf("Container should have exited with error code 0") 1718 } 1719 } 1720 1721 // Test for #10388 - this will run the same test as TestRunAttachStdOutAndErrTTYMode 1722 // but using --attach instead of -a to make sure we read the flag correctly 1723 func (s *DockerSuite) TestRunAttachWithDetach(c *check.C) { 1724 cmd := exec.Command(dockerBinary, "run", "-d", "--attach", "stdout", "busybox", "true") 1725 _, stderr, _, err := runCommandWithStdoutStderr(cmd) 1726 if err == nil { 1727 c.Fatal("Container should have exited with error code different than 0") 1728 } else if !strings.Contains(stderr, "Conflicting options: -a and -d") { 1729 c.Fatal("Should have been returned an error with conflicting options -a and -d") 1730 } 1731 } 1732 1733 func (s *DockerSuite) TestRunState(c *check.C) { 1734 cmd := exec.Command(dockerBinary, "run", "-d", "busybox", "top") 1735 1736 out, _, err := runCommandWithOutput(cmd) 1737 if err != nil { 1738 c.Fatal(err, out) 1739 } 1740 id := strings.TrimSpace(out) 1741 state, err := inspectField(id, "State.Running") 1742 c.Assert(err, check.IsNil) 1743 if state != "true" { 1744 c.Fatal("Container state is 'not running'") 1745 } 1746 pid1, err := inspectField(id, "State.Pid") 1747 c.Assert(err, check.IsNil) 1748 if pid1 == "0" { 1749 c.Fatal("Container state Pid 0") 1750 } 1751 1752 cmd = exec.Command(dockerBinary, "stop", id) 1753 out, _, err = runCommandWithOutput(cmd) 1754 if err != nil { 1755 c.Fatal(err, out) 1756 } 1757 state, err = inspectField(id, "State.Running") 1758 c.Assert(err, check.IsNil) 1759 if state != "false" { 1760 c.Fatal("Container state is 'running'") 1761 } 1762 pid2, err := inspectField(id, "State.Pid") 1763 c.Assert(err, check.IsNil) 1764 if pid2 == pid1 { 1765 c.Fatalf("Container state Pid %s, but expected %s", pid2, pid1) 1766 } 1767 1768 cmd = exec.Command(dockerBinary, "start", id) 1769 out, _, err = runCommandWithOutput(cmd) 1770 if err != nil { 1771 c.Fatal(err, out) 1772 } 1773 state, err = inspectField(id, "State.Running") 1774 c.Assert(err, check.IsNil) 1775 if state != "true" { 1776 c.Fatal("Container state is 'not running'") 1777 } 1778 pid3, err := inspectField(id, "State.Pid") 1779 c.Assert(err, check.IsNil) 1780 if pid3 == pid1 { 1781 c.Fatalf("Container state Pid %s, but expected %s", pid2, pid1) 1782 } 1783 } 1784 1785 // Test for #1737 1786 func (s *DockerSuite) TestRunCopyVolumeUidGid(c *check.C) { 1787 name := "testrunvolumesuidgid" 1788 _, err := buildImage(name, 1789 `FROM busybox 1790 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd 1791 RUN echo 'dockerio:x:1001:' >> /etc/group 1792 RUN mkdir -p /hello && touch /hello/test && chown dockerio.dockerio /hello`, 1793 true) 1794 if err != nil { 1795 c.Fatal(err) 1796 } 1797 1798 // Test that the uid and gid is copied from the image to the volume 1799 cmd := exec.Command(dockerBinary, "run", "--rm", "-v", "/hello", name, "sh", "-c", "ls -l / | grep hello | awk '{print $3\":\"$4}'") 1800 out, _, err := runCommandWithOutput(cmd) 1801 if err != nil { 1802 c.Fatal(err, out) 1803 } 1804 out = strings.TrimSpace(out) 1805 if out != "dockerio:dockerio" { 1806 c.Fatalf("Wrong /hello ownership: %s, expected dockerio:dockerio", out) 1807 } 1808 } 1809 1810 // Test for #1582 1811 func (s *DockerSuite) TestRunCopyVolumeContent(c *check.C) { 1812 name := "testruncopyvolumecontent" 1813 _, err := buildImage(name, 1814 `FROM busybox 1815 RUN mkdir -p /hello/local && echo hello > /hello/local/world`, 1816 true) 1817 if err != nil { 1818 c.Fatal(err) 1819 } 1820 1821 // Test that the content is copied from the image to the volume 1822 cmd := exec.Command(dockerBinary, "run", "--rm", "-v", "/hello", name, "find", "/hello") 1823 out, _, err := runCommandWithOutput(cmd) 1824 if err != nil { 1825 c.Fatal(err, out) 1826 } 1827 if !(strings.Contains(out, "/hello/local/world") && strings.Contains(out, "/hello/local")) { 1828 c.Fatal("Container failed to transfer content to volume") 1829 } 1830 } 1831 1832 func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) { 1833 name := "testrunmdcleanuponentrypoint" 1834 if _, err := buildImage(name, 1835 `FROM busybox 1836 ENTRYPOINT ["echo"] 1837 CMD ["testingpoint"]`, 1838 true); err != nil { 1839 c.Fatal(err) 1840 } 1841 runCmd := exec.Command(dockerBinary, "run", "--entrypoint", "whoami", name) 1842 out, exit, err := runCommandWithOutput(runCmd) 1843 if err != nil { 1844 c.Fatalf("Error: %v, out: %q", err, out) 1845 } 1846 if exit != 0 { 1847 c.Fatalf("expected exit code 0 received %d, out: %q", exit, out) 1848 } 1849 out = strings.TrimSpace(out) 1850 if out != "root" { 1851 c.Fatalf("Expected output root, got %q", out) 1852 } 1853 } 1854 1855 // TestRunWorkdirExistsAndIsFile checks that if 'docker run -w' with existing file can be detected 1856 func (s *DockerSuite) TestRunWorkdirExistsAndIsFile(c *check.C) { 1857 runCmd := exec.Command(dockerBinary, "run", "-w", "/bin/cat", "busybox") 1858 out, exit, err := runCommandWithOutput(runCmd) 1859 if !(err != nil && exit == 1 && strings.Contains(out, "Cannot mkdir: /bin/cat is not a directory")) { 1860 c.Fatalf("Docker must complains about making dir, but we got out: %s, exit: %d, err: %s", out, exit, err) 1861 } 1862 } 1863 1864 func (s *DockerSuite) TestRunExitOnStdinClose(c *check.C) { 1865 name := "testrunexitonstdinclose" 1866 runCmd := exec.Command(dockerBinary, "run", "--name", name, "-i", "busybox", "/bin/cat") 1867 1868 stdin, err := runCmd.StdinPipe() 1869 if err != nil { 1870 c.Fatal(err) 1871 } 1872 stdout, err := runCmd.StdoutPipe() 1873 if err != nil { 1874 c.Fatal(err) 1875 } 1876 1877 if err := runCmd.Start(); err != nil { 1878 c.Fatal(err) 1879 } 1880 if _, err := stdin.Write([]byte("hello\n")); err != nil { 1881 c.Fatal(err) 1882 } 1883 1884 r := bufio.NewReader(stdout) 1885 line, err := r.ReadString('\n') 1886 if err != nil { 1887 c.Fatal(err) 1888 } 1889 line = strings.TrimSpace(line) 1890 if line != "hello" { 1891 c.Fatalf("Output should be 'hello', got '%q'", line) 1892 } 1893 if err := stdin.Close(); err != nil { 1894 c.Fatal(err) 1895 } 1896 finish := make(chan error) 1897 go func() { 1898 finish <- runCmd.Wait() 1899 close(finish) 1900 }() 1901 select { 1902 case err := <-finish: 1903 c.Assert(err, check.IsNil) 1904 case <-time.After(1 * time.Second): 1905 c.Fatal("docker run failed to exit on stdin close") 1906 } 1907 state, err := inspectField(name, "State.Running") 1908 c.Assert(err, check.IsNil) 1909 1910 if state != "false" { 1911 c.Fatal("Container must be stopped after stdin closing") 1912 } 1913 } 1914 1915 // Test for #2267 1916 func (s *DockerSuite) TestRunWriteHostsFileAndNotCommit(c *check.C) { 1917 name := "writehosts" 1918 cmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hosts && cat /etc/hosts") 1919 out, _, err := runCommandWithOutput(cmd) 1920 if err != nil { 1921 c.Fatal(err, out) 1922 } 1923 if !strings.Contains(out, "test2267") { 1924 c.Fatal("/etc/hosts should contain 'test2267'") 1925 } 1926 1927 cmd = exec.Command(dockerBinary, "diff", name) 1928 if err != nil { 1929 c.Fatal(err, out) 1930 } 1931 out, _, err = runCommandWithOutput(cmd) 1932 if err != nil { 1933 c.Fatal(err, out) 1934 } 1935 1936 if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) { 1937 c.Fatal("diff should be empty") 1938 } 1939 } 1940 1941 func eqToBaseDiff(out string, c *check.C) bool { 1942 cmd := exec.Command(dockerBinary, "run", "-d", "busybox", "echo", "hello") 1943 out1, _, err := runCommandWithOutput(cmd) 1944 cID := strings.TrimSpace(out1) 1945 cmd = exec.Command(dockerBinary, "diff", cID) 1946 baseDiff, _, err := runCommandWithOutput(cmd) 1947 if err != nil { 1948 c.Fatal(err, baseDiff) 1949 } 1950 baseArr := strings.Split(baseDiff, "\n") 1951 sort.Strings(baseArr) 1952 outArr := strings.Split(out, "\n") 1953 sort.Strings(outArr) 1954 return sliceEq(baseArr, outArr) 1955 } 1956 1957 func sliceEq(a, b []string) bool { 1958 if len(a) != len(b) { 1959 return false 1960 } 1961 1962 for i := range a { 1963 if a[i] != b[i] { 1964 return false 1965 } 1966 } 1967 1968 return true 1969 } 1970 1971 // Test for #2267 1972 func (s *DockerSuite) TestRunWriteHostnameFileAndNotCommit(c *check.C) { 1973 name := "writehostname" 1974 cmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hostname && cat /etc/hostname") 1975 out, _, err := runCommandWithOutput(cmd) 1976 if err != nil { 1977 c.Fatal(err, out) 1978 } 1979 if !strings.Contains(out, "test2267") { 1980 c.Fatal("/etc/hostname should contain 'test2267'") 1981 } 1982 1983 cmd = exec.Command(dockerBinary, "diff", name) 1984 if err != nil { 1985 c.Fatal(err, out) 1986 } 1987 out, _, err = runCommandWithOutput(cmd) 1988 if err != nil { 1989 c.Fatal(err, out) 1990 } 1991 if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) { 1992 c.Fatal("diff should be empty") 1993 } 1994 } 1995 1996 // Test for #2267 1997 func (s *DockerSuite) TestRunWriteResolvFileAndNotCommit(c *check.C) { 1998 name := "writeresolv" 1999 cmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/resolv.conf && cat /etc/resolv.conf") 2000 out, _, err := runCommandWithOutput(cmd) 2001 if err != nil { 2002 c.Fatal(err, out) 2003 } 2004 if !strings.Contains(out, "test2267") { 2005 c.Fatal("/etc/resolv.conf should contain 'test2267'") 2006 } 2007 2008 cmd = exec.Command(dockerBinary, "diff", name) 2009 if err != nil { 2010 c.Fatal(err, out) 2011 } 2012 out, _, err = runCommandWithOutput(cmd) 2013 if err != nil { 2014 c.Fatal(err, out) 2015 } 2016 if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) { 2017 c.Fatal("diff should be empty") 2018 } 2019 } 2020 2021 func (s *DockerSuite) TestRunWithBadDevice(c *check.C) { 2022 name := "baddevice" 2023 cmd := exec.Command(dockerBinary, "run", "--name", name, "--device", "/etc", "busybox", "true") 2024 out, _, err := runCommandWithOutput(cmd) 2025 if err == nil { 2026 c.Fatal("Run should fail with bad device") 2027 } 2028 expected := `"/etc": not a device node` 2029 if !strings.Contains(out, expected) { 2030 c.Fatalf("Output should contain %q, actual out: %q", expected, out) 2031 } 2032 } 2033 2034 func (s *DockerSuite) TestRunEntrypoint(c *check.C) { 2035 name := "entrypoint" 2036 cmd := exec.Command(dockerBinary, "run", "--name", name, "--entrypoint", "/bin/echo", "busybox", "-n", "foobar") 2037 out, _, err := runCommandWithOutput(cmd) 2038 if err != nil { 2039 c.Fatal(err, out) 2040 } 2041 expected := "foobar" 2042 if out != expected { 2043 c.Fatalf("Output should be %q, actual out: %q", expected, out) 2044 } 2045 } 2046 2047 func (s *DockerSuite) TestRunBindMounts(c *check.C) { 2048 testRequires(c, SameHostDaemon) 2049 2050 tmpDir, err := ioutil.TempDir("", "docker-test-container") 2051 if err != nil { 2052 c.Fatal(err) 2053 } 2054 2055 defer os.RemoveAll(tmpDir) 2056 writeFile(path.Join(tmpDir, "touch-me"), "", c) 2057 2058 // Test reading from a read-only bind mount 2059 cmd := exec.Command(dockerBinary, "run", "-v", fmt.Sprintf("%s:/tmp:ro", tmpDir), "busybox", "ls", "/tmp") 2060 out, _, err := runCommandWithOutput(cmd) 2061 if err != nil { 2062 c.Fatal(err, out) 2063 } 2064 if !strings.Contains(out, "touch-me") { 2065 c.Fatal("Container failed to read from bind mount") 2066 } 2067 2068 // test writing to bind mount 2069 cmd = exec.Command(dockerBinary, "run", "-v", fmt.Sprintf("%s:/tmp:rw", tmpDir), "busybox", "touch", "/tmp/holla") 2070 out, _, err = runCommandWithOutput(cmd) 2071 if err != nil { 2072 c.Fatal(err, out) 2073 } 2074 readFile(path.Join(tmpDir, "holla"), c) // Will fail if the file doesn't exist 2075 2076 // test mounting to an illegal destination directory 2077 cmd = exec.Command(dockerBinary, "run", "-v", fmt.Sprintf("%s:.", tmpDir), "busybox", "ls", ".") 2078 _, err = runCommand(cmd) 2079 if err == nil { 2080 c.Fatal("Container bind mounted illegal directory") 2081 } 2082 2083 // test mount a file 2084 cmd = exec.Command(dockerBinary, "run", "-v", fmt.Sprintf("%s/holla:/tmp/holla:rw", tmpDir), "busybox", "sh", "-c", "echo -n 'yotta' > /tmp/holla") 2085 _, err = runCommand(cmd) 2086 if err != nil { 2087 c.Fatal(err, out) 2088 } 2089 content := readFile(path.Join(tmpDir, "holla"), c) // Will fail if the file doesn't exist 2090 expected := "yotta" 2091 if content != expected { 2092 c.Fatalf("Output should be %q, actual out: %q", expected, content) 2093 } 2094 } 2095 2096 // Ensure that CIDFile gets deleted if it's empty 2097 // Perform this test by making `docker run` fail 2098 func (s *DockerSuite) TestRunCidFileCleanupIfEmpty(c *check.C) { 2099 tmpDir, err := ioutil.TempDir("", "TestRunCidFile") 2100 if err != nil { 2101 c.Fatal(err) 2102 } 2103 defer os.RemoveAll(tmpDir) 2104 tmpCidFile := path.Join(tmpDir, "cid") 2105 cmd := exec.Command(dockerBinary, "run", "--cidfile", tmpCidFile, "emptyfs") 2106 out, _, err := runCommandWithOutput(cmd) 2107 if err == nil { 2108 c.Fatalf("Run without command must fail. out=%s", out) 2109 } else if !strings.Contains(out, "No command specified") { 2110 c.Fatalf("Run without command failed with wrong output. out=%s\nerr=%v", out, err) 2111 } 2112 2113 if _, err := os.Stat(tmpCidFile); err == nil { 2114 c.Fatalf("empty CIDFile %q should've been deleted", tmpCidFile) 2115 } 2116 } 2117 2118 // #2098 - Docker cidFiles only contain short version of the containerId 2119 //sudo docker run --cidfile /tmp/docker_tesc.cid ubuntu echo "test" 2120 // TestRunCidFile tests that run --cidfile returns the longid 2121 func (s *DockerSuite) TestRunCidFileCheckIDLength(c *check.C) { 2122 tmpDir, err := ioutil.TempDir("", "TestRunCidFile") 2123 if err != nil { 2124 c.Fatal(err) 2125 } 2126 tmpCidFile := path.Join(tmpDir, "cid") 2127 defer os.RemoveAll(tmpDir) 2128 cmd := exec.Command(dockerBinary, "run", "-d", "--cidfile", tmpCidFile, "busybox", "true") 2129 out, _, err := runCommandWithOutput(cmd) 2130 if err != nil { 2131 c.Fatal(err) 2132 } 2133 id := strings.TrimSpace(out) 2134 buffer, err := ioutil.ReadFile(tmpCidFile) 2135 if err != nil { 2136 c.Fatal(err) 2137 } 2138 cid := string(buffer) 2139 if len(cid) != 64 { 2140 c.Fatalf("--cidfile should be a long id, not %q", id) 2141 } 2142 if cid != id { 2143 c.Fatalf("cid must be equal to %s, got %s", id, cid) 2144 } 2145 } 2146 2147 func (s *DockerSuite) TestRunNetworkNotInitializedNoneMode(c *check.C) { 2148 cmd := exec.Command(dockerBinary, "run", "-d", "--net=none", "busybox", "top") 2149 out, _, err := runCommandWithOutput(cmd) 2150 if err != nil { 2151 c.Fatal(err) 2152 } 2153 id := strings.TrimSpace(out) 2154 res, err := inspectField(id, "NetworkSettings.IPAddress") 2155 c.Assert(err, check.IsNil) 2156 if res != "" { 2157 c.Fatalf("For 'none' mode network must not be initialized, but container got IP: %s", res) 2158 } 2159 } 2160 2161 func (s *DockerSuite) TestRunSetMacAddress(c *check.C) { 2162 mac := "12:34:56:78:9a:bc" 2163 2164 cmd := exec.Command(dockerBinary, "run", "-i", "--rm", fmt.Sprintf("--mac-address=%s", mac), "busybox", "/bin/sh", "-c", "ip link show eth0 | tail -1 | awk '{print $2}'") 2165 out, ec, err := runCommandWithOutput(cmd) 2166 if err != nil { 2167 c.Fatalf("exec failed:\nexit code=%v\noutput=%s", ec, out) 2168 } 2169 actualMac := strings.TrimSpace(out) 2170 if actualMac != mac { 2171 c.Fatalf("Set MAC address with --mac-address failed. The container has an incorrect MAC address: %q, expected: %q", actualMac, mac) 2172 } 2173 } 2174 2175 func (s *DockerSuite) TestRunInspectMacAddress(c *check.C) { 2176 mac := "12:34:56:78:9a:bc" 2177 cmd := exec.Command(dockerBinary, "run", "-d", "--mac-address="+mac, "busybox", "top") 2178 out, _, err := runCommandWithOutput(cmd) 2179 if err != nil { 2180 c.Fatal(err) 2181 } 2182 id := strings.TrimSpace(out) 2183 inspectedMac, err := inspectField(id, "NetworkSettings.MacAddress") 2184 c.Assert(err, check.IsNil) 2185 if inspectedMac != mac { 2186 c.Fatalf("docker inspect outputs wrong MAC address: %q, should be: %q", inspectedMac, mac) 2187 } 2188 } 2189 2190 // test docker run use a invalid mac address 2191 func (s *DockerSuite) TestRunWithInvalidMacAddress(c *check.C) { 2192 runCmd := exec.Command(dockerBinary, "run", "--mac-address", "92:d0:c6:0a:29", "busybox") 2193 out, _, err := runCommandWithOutput(runCmd) 2194 //use a invalid mac address should with a error out 2195 if err == nil || !strings.Contains(out, "is not a valid mac address") { 2196 c.Fatalf("run with an invalid --mac-address should with error out") 2197 } 2198 } 2199 2200 func (s *DockerSuite) TestRunDeallocatePortOnMissingIptablesRule(c *check.C) { 2201 testRequires(c, SameHostDaemon) 2202 2203 cmd := exec.Command(dockerBinary, "run", "-d", "-p", "23:23", "busybox", "top") 2204 out, _, err := runCommandWithOutput(cmd) 2205 if err != nil { 2206 c.Fatal(err) 2207 } 2208 id := strings.TrimSpace(out) 2209 ip, err := inspectField(id, "NetworkSettings.IPAddress") 2210 c.Assert(err, check.IsNil) 2211 iptCmd := exec.Command("iptables", "-D", "DOCKER", "-d", fmt.Sprintf("%s/32", ip), 2212 "!", "-i", "docker0", "-o", "docker0", "-p", "tcp", "-m", "tcp", "--dport", "23", "-j", "ACCEPT") 2213 out, _, err = runCommandWithOutput(iptCmd) 2214 if err != nil { 2215 c.Fatal(err, out) 2216 } 2217 if err := deleteContainer(id); err != nil { 2218 c.Fatal(err) 2219 } 2220 cmd = exec.Command(dockerBinary, "run", "-d", "-p", "23:23", "busybox", "top") 2221 out, _, err = runCommandWithOutput(cmd) 2222 if err != nil { 2223 c.Fatal(err, out) 2224 } 2225 } 2226 2227 func (s *DockerSuite) TestRunPortInUse(c *check.C) { 2228 testRequires(c, SameHostDaemon) 2229 2230 port := "1234" 2231 cmd := exec.Command(dockerBinary, "run", "-d", "-p", port+":80", "busybox", "top") 2232 out, _, err := runCommandWithOutput(cmd) 2233 if err != nil { 2234 c.Fatalf("Fail to run listening container") 2235 } 2236 2237 cmd = exec.Command(dockerBinary, "run", "-d", "-p", port+":80", "busybox", "top") 2238 out, _, err = runCommandWithOutput(cmd) 2239 if err == nil { 2240 c.Fatalf("Binding on used port must fail") 2241 } 2242 if !strings.Contains(out, "port is already allocated") { 2243 c.Fatalf("Out must be about \"port is already allocated\", got %s", out) 2244 } 2245 } 2246 2247 // https://github.com/docker/docker/issues/12148 2248 func (s *DockerSuite) TestRunAllocatePortInReservedRange(c *check.C) { 2249 // allocate a dynamic port to get the most recent 2250 cmd := exec.Command(dockerBinary, "run", "-d", "-P", "-p", "80", "busybox", "top") 2251 out, _, err := runCommandWithOutput(cmd) 2252 if err != nil { 2253 c.Fatalf("Failed to run, output: %s, error: %s", out, err) 2254 } 2255 id := strings.TrimSpace(out) 2256 2257 cmd = exec.Command(dockerBinary, "port", id, "80") 2258 out, _, err = runCommandWithOutput(cmd) 2259 if err != nil { 2260 c.Fatalf("Failed to get port, output: %s, error: %s", out, err) 2261 } 2262 strPort := strings.Split(strings.TrimSpace(out), ":")[1] 2263 port, err := strconv.ParseInt(strPort, 10, 64) 2264 if err != nil { 2265 c.Fatalf("invalid port, got: %s, error: %s", strPort, err) 2266 } 2267 2268 // allocate a static port and a dynamic port together, with static port 2269 // takes the next recent port in dynamic port range. 2270 cmd = exec.Command(dockerBinary, "run", "-d", "-P", 2271 "-p", "80", 2272 "-p", fmt.Sprintf("%d:8080", port+1), 2273 "busybox", "top") 2274 out, _, err = runCommandWithOutput(cmd) 2275 if err != nil { 2276 c.Fatalf("Failed to run, output: %s, error: %s", out, err) 2277 } 2278 } 2279 2280 // Regression test for #7792 2281 func (s *DockerSuite) TestRunMountOrdering(c *check.C) { 2282 testRequires(c, SameHostDaemon) 2283 2284 tmpDir, err := ioutil.TempDir("", "docker_nested_mount_test") 2285 if err != nil { 2286 c.Fatal(err) 2287 } 2288 defer os.RemoveAll(tmpDir) 2289 2290 tmpDir2, err := ioutil.TempDir("", "docker_nested_mount_test2") 2291 if err != nil { 2292 c.Fatal(err) 2293 } 2294 defer os.RemoveAll(tmpDir2) 2295 2296 // Create a temporary tmpfs mounc. 2297 fooDir := filepath.Join(tmpDir, "foo") 2298 if err := os.MkdirAll(filepath.Join(tmpDir, "foo"), 0755); err != nil { 2299 c.Fatalf("failed to mkdir at %s - %s", fooDir, err) 2300 } 2301 2302 if err := ioutil.WriteFile(fmt.Sprintf("%s/touch-me", fooDir), []byte{}, 0644); err != nil { 2303 c.Fatal(err) 2304 } 2305 2306 if err := ioutil.WriteFile(fmt.Sprintf("%s/touch-me", tmpDir), []byte{}, 0644); err != nil { 2307 c.Fatal(err) 2308 } 2309 2310 if err := ioutil.WriteFile(fmt.Sprintf("%s/touch-me", tmpDir2), []byte{}, 0644); err != nil { 2311 c.Fatal(err) 2312 } 2313 2314 cmd := exec.Command(dockerBinary, "run", 2315 "-v", fmt.Sprintf("%s:/tmp", tmpDir), 2316 "-v", fmt.Sprintf("%s:/tmp/foo", fooDir), 2317 "-v", fmt.Sprintf("%s:/tmp/tmp2", tmpDir2), 2318 "-v", fmt.Sprintf("%s:/tmp/tmp2/foo", fooDir), 2319 "busybox:latest", "sh", "-c", 2320 "ls /tmp/touch-me && ls /tmp/foo/touch-me && ls /tmp/tmp2/touch-me && ls /tmp/tmp2/foo/touch-me") 2321 out, _, err := runCommandWithOutput(cmd) 2322 if err != nil { 2323 c.Fatal(out, err) 2324 } 2325 } 2326 2327 // Regression test for https://github.com/docker/docker/issues/8259 2328 func (s *DockerSuite) TestRunReuseBindVolumeThatIsSymlink(c *check.C) { 2329 testRequires(c, SameHostDaemon) 2330 2331 tmpDir, err := ioutil.TempDir(os.TempDir(), "testlink") 2332 if err != nil { 2333 c.Fatal(err) 2334 } 2335 defer os.RemoveAll(tmpDir) 2336 2337 linkPath := os.TempDir() + "/testlink2" 2338 if err := os.Symlink(tmpDir, linkPath); err != nil { 2339 c.Fatal(err) 2340 } 2341 defer os.RemoveAll(linkPath) 2342 2343 // Create first container 2344 cmd := exec.Command(dockerBinary, "run", "-v", fmt.Sprintf("%s:/tmp/test", linkPath), "busybox", "ls", "-lh", "/tmp/test") 2345 if _, err := runCommand(cmd); err != nil { 2346 c.Fatal(err) 2347 } 2348 2349 // Create second container with same symlinked path 2350 // This will fail if the referenced issue is hit with a "Volume exists" error 2351 cmd = exec.Command(dockerBinary, "run", "-v", fmt.Sprintf("%s:/tmp/test", linkPath), "busybox", "ls", "-lh", "/tmp/test") 2352 if out, _, err := runCommandWithOutput(cmd); err != nil { 2353 c.Fatal(err, out) 2354 } 2355 } 2356 2357 //GH#10604: Test an "/etc" volume doesn't overlay special bind mounts in container 2358 func (s *DockerSuite) TestRunCreateVolumeEtc(c *check.C) { 2359 cmd := exec.Command(dockerBinary, "run", "--dns=127.0.0.1", "-v", "/etc", "busybox", "cat", "/etc/resolv.conf") 2360 out, _, err := runCommandWithOutput(cmd) 2361 if err != nil { 2362 c.Fatalf("failed to run container: %v, output: %q", err, out) 2363 } 2364 if !strings.Contains(out, "nameserver 127.0.0.1") { 2365 c.Fatal("/etc volume mount hides /etc/resolv.conf") 2366 } 2367 2368 cmd = exec.Command(dockerBinary, "run", "-h=test123", "-v", "/etc", "busybox", "cat", "/etc/hostname") 2369 out, _, err = runCommandWithOutput(cmd) 2370 if err != nil { 2371 c.Fatalf("failed to run container: %v, output: %q", err, out) 2372 } 2373 if !strings.Contains(out, "test123") { 2374 c.Fatal("/etc volume mount hides /etc/hostname") 2375 } 2376 2377 cmd = exec.Command(dockerBinary, "run", "--add-host=test:192.168.0.1", "-v", "/etc", "busybox", "cat", "/etc/hosts") 2378 out, _, err = runCommandWithOutput(cmd) 2379 if err != nil { 2380 c.Fatalf("failed to run container: %v, output: %q", err, out) 2381 } 2382 out = strings.Replace(out, "\n", " ", -1) 2383 if !strings.Contains(out, "192.168.0.1\ttest") || !strings.Contains(out, "127.0.0.1\tlocalhost") { 2384 c.Fatal("/etc volume mount hides /etc/hosts") 2385 } 2386 } 2387 2388 func (s *DockerSuite) TestVolumesNoCopyData(c *check.C) { 2389 if _, err := buildImage("dataimage", 2390 `FROM busybox 2391 RUN mkdir -p /foo 2392 RUN touch /foo/bar`, 2393 true); err != nil { 2394 c.Fatal(err) 2395 } 2396 2397 cmd := exec.Command(dockerBinary, "run", "--name", "test", "-v", "/foo", "busybox") 2398 if _, err := runCommand(cmd); err != nil { 2399 c.Fatal(err) 2400 } 2401 2402 cmd = exec.Command(dockerBinary, "run", "--volumes-from", "test", "dataimage", "ls", "-lh", "/foo/bar") 2403 if out, _, err := runCommandWithOutput(cmd); err == nil || !strings.Contains(out, "No such file or directory") { 2404 c.Fatalf("Data was copied on volumes-from but shouldn't be:\n%q", out) 2405 } 2406 2407 tmpDir := randomUnixTmpDirPath("docker_test_bind_mount_copy_data") 2408 cmd = exec.Command(dockerBinary, "run", "-v", tmpDir+":/foo", "dataimage", "ls", "-lh", "/foo/bar") 2409 if out, _, err := runCommandWithOutput(cmd); err == nil || !strings.Contains(out, "No such file or directory") { 2410 c.Fatalf("Data was copied on bind-mount but shouldn't be:\n%q", out) 2411 } 2412 } 2413 2414 func (s *DockerSuite) TestRunNoOutputFromPullInStdout(c *check.C) { 2415 // just run with unknown image 2416 cmd := exec.Command(dockerBinary, "run", "asdfsg") 2417 stdout := bytes.NewBuffer(nil) 2418 cmd.Stdout = stdout 2419 if err := cmd.Run(); err == nil { 2420 c.Fatal("Run with unknown image should fail") 2421 } 2422 if stdout.Len() != 0 { 2423 c.Fatalf("Stdout contains output from pull: %s", stdout) 2424 } 2425 } 2426 2427 func (s *DockerSuite) TestRunVolumesCleanPaths(c *check.C) { 2428 if _, err := buildImage("run_volumes_clean_paths", 2429 `FROM busybox 2430 VOLUME /foo/`, 2431 true); err != nil { 2432 c.Fatal(err) 2433 } 2434 2435 cmd := exec.Command(dockerBinary, "run", "-v", "/foo", "-v", "/bar/", "--name", "dark_helmet", "run_volumes_clean_paths") 2436 if out, _, err := runCommandWithOutput(cmd); err != nil { 2437 c.Fatal(err, out) 2438 } 2439 2440 out, err := inspectFieldMap("dark_helmet", "Volumes", "/foo/") 2441 c.Assert(err, check.IsNil) 2442 if out != "" { 2443 c.Fatalf("Found unexpected volume entry for '/foo/' in volumes\n%q", out) 2444 } 2445 2446 out, err = inspectFieldMap("dark_helmet", "Volumes", "/foo") 2447 c.Assert(err, check.IsNil) 2448 if !strings.Contains(out, volumesConfigPath) { 2449 c.Fatalf("Volume was not defined for /foo\n%q", out) 2450 } 2451 2452 out, err = inspectFieldMap("dark_helmet", "Volumes", "/bar/") 2453 c.Assert(err, check.IsNil) 2454 if out != "" { 2455 c.Fatalf("Found unexpected volume entry for '/bar/' in volumes\n%q", out) 2456 } 2457 out, err = inspectFieldMap("dark_helmet", "Volumes", "/bar") 2458 c.Assert(err, check.IsNil) 2459 if !strings.Contains(out, volumesConfigPath) { 2460 c.Fatalf("Volume was not defined for /bar\n%q", out) 2461 } 2462 } 2463 2464 // Regression test for #3631 2465 func (s *DockerSuite) TestRunSlowStdoutConsumer(c *check.C) { 2466 cont := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "dd if=/dev/zero of=/dev/stdout bs=1024 count=2000 | catv") 2467 2468 stdout, err := cont.StdoutPipe() 2469 if err != nil { 2470 c.Fatal(err) 2471 } 2472 2473 if err := cont.Start(); err != nil { 2474 c.Fatal(err) 2475 } 2476 n, err := consumeWithSpeed(stdout, 10000, 5*time.Millisecond, nil) 2477 if err != nil { 2478 c.Fatal(err) 2479 } 2480 2481 expected := 2 * 1024 * 2000 2482 if n != expected { 2483 c.Fatalf("Expected %d, got %d", expected, n) 2484 } 2485 } 2486 2487 func (s *DockerSuite) TestRunAllowPortRangeThroughExpose(c *check.C) { 2488 cmd := exec.Command(dockerBinary, "run", "-d", "--expose", "3000-3003", "-P", "busybox", "top") 2489 out, _, err := runCommandWithOutput(cmd) 2490 if err != nil { 2491 c.Fatal(err) 2492 } 2493 id := strings.TrimSpace(out) 2494 portstr, err := inspectFieldJSON(id, "NetworkSettings.Ports") 2495 c.Assert(err, check.IsNil) 2496 var ports nat.PortMap 2497 if err = unmarshalJSON([]byte(portstr), &ports); err != nil { 2498 c.Fatal(err) 2499 } 2500 for port, binding := range ports { 2501 portnum, _ := strconv.Atoi(strings.Split(string(port), "/")[0]) 2502 if portnum < 3000 || portnum > 3003 { 2503 c.Fatalf("Port %d is out of range ", portnum) 2504 } 2505 if binding == nil || len(binding) != 1 || len(binding[0].HostPort) == 0 { 2506 c.Fatalf("Port is not mapped for the port %d", port) 2507 } 2508 } 2509 } 2510 2511 // test docker run expose a invalid port 2512 func (s *DockerSuite) TestRunExposePort(c *check.C) { 2513 runCmd := exec.Command(dockerBinary, "run", "--expose", "80000", "busybox") 2514 out, _, err := runCommandWithOutput(runCmd) 2515 //expose a invalid port should with a error out 2516 if err == nil || !strings.Contains(out, "Invalid range format for --expose") { 2517 c.Fatalf("run --expose a invalid port should with error out") 2518 } 2519 } 2520 2521 func (s *DockerSuite) TestRunUnknownCommand(c *check.C) { 2522 testRequires(c, NativeExecDriver) 2523 runCmd := exec.Command(dockerBinary, "create", "busybox", "/bin/nada") 2524 cID, _, _, err := runCommandWithStdoutStderr(runCmd) 2525 if err != nil { 2526 c.Fatalf("Failed to create container: %v, output: %q", err, cID) 2527 } 2528 cID = strings.TrimSpace(cID) 2529 2530 runCmd = exec.Command(dockerBinary, "start", cID) 2531 _, _, _, _ = runCommandWithStdoutStderr(runCmd) 2532 2533 rc, err := inspectField(cID, "State.ExitCode") 2534 c.Assert(err, check.IsNil) 2535 if rc == "0" { 2536 c.Fatalf("ExitCode(%v) cannot be 0", rc) 2537 } 2538 } 2539 2540 func (s *DockerSuite) TestRunModeIpcHost(c *check.C) { 2541 testRequires(c, SameHostDaemon) 2542 2543 hostIpc, err := os.Readlink("/proc/1/ns/ipc") 2544 if err != nil { 2545 c.Fatal(err) 2546 } 2547 2548 cmd := exec.Command(dockerBinary, "run", "--ipc=host", "busybox", "readlink", "/proc/self/ns/ipc") 2549 out2, _, err := runCommandWithOutput(cmd) 2550 if err != nil { 2551 c.Fatal(err, out2) 2552 } 2553 2554 out2 = strings.Trim(out2, "\n") 2555 if hostIpc != out2 { 2556 c.Fatalf("IPC different with --ipc=host %s != %s\n", hostIpc, out2) 2557 } 2558 2559 cmd = exec.Command(dockerBinary, "run", "busybox", "readlink", "/proc/self/ns/ipc") 2560 out2, _, err = runCommandWithOutput(cmd) 2561 if err != nil { 2562 c.Fatal(err, out2) 2563 } 2564 2565 out2 = strings.Trim(out2, "\n") 2566 if hostIpc == out2 { 2567 c.Fatalf("IPC should be different without --ipc=host %s == %s\n", hostIpc, out2) 2568 } 2569 } 2570 2571 func (s *DockerSuite) TestRunModeIpcContainer(c *check.C) { 2572 testRequires(c, SameHostDaemon) 2573 2574 cmd := exec.Command(dockerBinary, "run", "-d", "busybox", "top") 2575 out, _, err := runCommandWithOutput(cmd) 2576 if err != nil { 2577 c.Fatal(err, out) 2578 } 2579 id := strings.TrimSpace(out) 2580 state, err := inspectField(id, "State.Running") 2581 c.Assert(err, check.IsNil) 2582 if state != "true" { 2583 c.Fatal("Container state is 'not running'") 2584 } 2585 pid1, err := inspectField(id, "State.Pid") 2586 c.Assert(err, check.IsNil) 2587 2588 parentContainerIpc, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/ipc", pid1)) 2589 if err != nil { 2590 c.Fatal(err) 2591 } 2592 cmd = exec.Command(dockerBinary, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox", "readlink", "/proc/self/ns/ipc") 2593 out2, _, err := runCommandWithOutput(cmd) 2594 if err != nil { 2595 c.Fatal(err, out2) 2596 } 2597 2598 out2 = strings.Trim(out2, "\n") 2599 if parentContainerIpc != out2 { 2600 c.Fatalf("IPC different with --ipc=container:%s %s != %s\n", id, parentContainerIpc, out2) 2601 } 2602 } 2603 2604 func (s *DockerSuite) TestRunModeIpcContainerNotExists(c *check.C) { 2605 cmd := exec.Command(dockerBinary, "run", "-d", "--ipc", "container:abcd1234", "busybox", "top") 2606 out, _, err := runCommandWithOutput(cmd) 2607 if !strings.Contains(out, "abcd1234") || err == nil { 2608 c.Fatalf("run IPC from a non exists container should with correct error out") 2609 } 2610 } 2611 2612 func (s *DockerSuite) TestRunModeIpcContainerNotRunning(c *check.C) { 2613 testRequires(c, SameHostDaemon) 2614 2615 cmd := exec.Command(dockerBinary, "create", "busybox") 2616 out, _, err := runCommandWithOutput(cmd) 2617 if err != nil { 2618 c.Fatal(err, out) 2619 } 2620 id := strings.TrimSpace(out) 2621 2622 cmd = exec.Command(dockerBinary, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox") 2623 out, _, err = runCommandWithOutput(cmd) 2624 if err == nil { 2625 c.Fatalf("Run container with ipc mode container should fail with non running container: %s\n%s", out, err) 2626 } 2627 } 2628 2629 func (s *DockerSuite) TestContainerNetworkMode(c *check.C) { 2630 testRequires(c, SameHostDaemon) 2631 2632 cmd := exec.Command(dockerBinary, "run", "-d", "busybox", "top") 2633 out, _, err := runCommandWithOutput(cmd) 2634 if err != nil { 2635 c.Fatal(err, out) 2636 } 2637 id := strings.TrimSpace(out) 2638 if err := waitRun(id); err != nil { 2639 c.Fatal(err) 2640 } 2641 pid1, err := inspectField(id, "State.Pid") 2642 c.Assert(err, check.IsNil) 2643 2644 parentContainerNet, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/net", pid1)) 2645 if err != nil { 2646 c.Fatal(err) 2647 } 2648 cmd = exec.Command(dockerBinary, "run", fmt.Sprintf("--net=container:%s", id), "busybox", "readlink", "/proc/self/ns/net") 2649 out2, _, err := runCommandWithOutput(cmd) 2650 if err != nil { 2651 c.Fatal(err, out2) 2652 } 2653 2654 out2 = strings.Trim(out2, "\n") 2655 if parentContainerNet != out2 { 2656 c.Fatalf("NET different with --net=container:%s %s != %s\n", id, parentContainerNet, out2) 2657 } 2658 } 2659 2660 func (s *DockerSuite) TestContainerNetworkModeToSelf(c *check.C) { 2661 cmd := exec.Command(dockerBinary, "run", "--name=me", "--net=container:me", "busybox", "true") 2662 out, _, err := runCommandWithOutput(cmd) 2663 if err == nil || !strings.Contains(out, "cannot join own network") { 2664 c.Fatalf("using container net mode to self should result in an error") 2665 } 2666 } 2667 2668 func (s *DockerSuite) TestRunModePidHost(c *check.C) { 2669 testRequires(c, NativeExecDriver, SameHostDaemon) 2670 2671 hostPid, err := os.Readlink("/proc/1/ns/pid") 2672 if err != nil { 2673 c.Fatal(err) 2674 } 2675 2676 cmd := exec.Command(dockerBinary, "run", "--pid=host", "busybox", "readlink", "/proc/self/ns/pid") 2677 out2, _, err := runCommandWithOutput(cmd) 2678 if err != nil { 2679 c.Fatal(err, out2) 2680 } 2681 2682 out2 = strings.Trim(out2, "\n") 2683 if hostPid != out2 { 2684 c.Fatalf("PID different with --pid=host %s != %s\n", hostPid, out2) 2685 } 2686 2687 cmd = exec.Command(dockerBinary, "run", "busybox", "readlink", "/proc/self/ns/pid") 2688 out2, _, err = runCommandWithOutput(cmd) 2689 if err != nil { 2690 c.Fatal(err, out2) 2691 } 2692 2693 out2 = strings.Trim(out2, "\n") 2694 if hostPid == out2 { 2695 c.Fatalf("PID should be different without --pid=host %s == %s\n", hostPid, out2) 2696 } 2697 } 2698 2699 func (s *DockerSuite) TestRunModeUTSHost(c *check.C) { 2700 testRequires(c, NativeExecDriver, SameHostDaemon) 2701 2702 hostUTS, err := os.Readlink("/proc/1/ns/uts") 2703 if err != nil { 2704 c.Fatal(err) 2705 } 2706 2707 cmd := exec.Command(dockerBinary, "run", "--uts=host", "busybox", "readlink", "/proc/self/ns/uts") 2708 out2, _, err := runCommandWithOutput(cmd) 2709 if err != nil { 2710 c.Fatal(err, out2) 2711 } 2712 2713 out2 = strings.Trim(out2, "\n") 2714 if hostUTS != out2 { 2715 c.Fatalf("UTS different with --uts=host %s != %s\n", hostUTS, out2) 2716 } 2717 2718 cmd = exec.Command(dockerBinary, "run", "busybox", "readlink", "/proc/self/ns/uts") 2719 out2, _, err = runCommandWithOutput(cmd) 2720 if err != nil { 2721 c.Fatal(err, out2) 2722 } 2723 2724 out2 = strings.Trim(out2, "\n") 2725 if hostUTS == out2 { 2726 c.Fatalf("UTS should be different without --uts=host %s == %s\n", hostUTS, out2) 2727 } 2728 } 2729 2730 func (s *DockerSuite) TestRunTLSverify(c *check.C) { 2731 cmd := exec.Command(dockerBinary, "ps") 2732 out, ec, err := runCommandWithOutput(cmd) 2733 if err != nil || ec != 0 { 2734 c.Fatalf("Should have worked: %v:\n%v", err, out) 2735 } 2736 2737 // Regardless of whether we specify true or false we need to 2738 // test to make sure tls is turned on if --tlsverify is specified at all 2739 2740 cmd = exec.Command(dockerBinary, "--tlsverify=false", "ps") 2741 out, ec, err = runCommandWithOutput(cmd) 2742 if err == nil || ec == 0 || !strings.Contains(out, "trying to connect") { 2743 c.Fatalf("Should have failed: \net:%v\nout:%v\nerr:%v", ec, out, err) 2744 } 2745 2746 cmd = exec.Command(dockerBinary, "--tlsverify=true", "ps") 2747 out, ec, err = runCommandWithOutput(cmd) 2748 if err == nil || ec == 0 || !strings.Contains(out, "cert") { 2749 c.Fatalf("Should have failed: \net:%v\nout:%v\nerr:%v", ec, out, err) 2750 } 2751 } 2752 2753 func (s *DockerSuite) TestRunPortFromDockerRangeInUse(c *check.C) { 2754 // first find allocator current position 2755 cmd := exec.Command(dockerBinary, "run", "-d", "-p", ":80", "busybox", "top") 2756 out, _, err := runCommandWithOutput(cmd) 2757 if err != nil { 2758 c.Fatal(out, err) 2759 } 2760 id := strings.TrimSpace(out) 2761 cmd = exec.Command(dockerBinary, "port", id) 2762 out, _, err = runCommandWithOutput(cmd) 2763 if err != nil { 2764 c.Fatal(out, err) 2765 } 2766 out = strings.TrimSpace(out) 2767 2768 if out == "" { 2769 c.Fatal("docker port command output is empty") 2770 } 2771 out = strings.Split(out, ":")[1] 2772 lastPort, err := strconv.Atoi(out) 2773 if err != nil { 2774 c.Fatal(err) 2775 } 2776 port := lastPort + 1 2777 l, err := net.Listen("tcp", ":"+strconv.Itoa(port)) 2778 if err != nil { 2779 c.Fatal(err) 2780 } 2781 defer l.Close() 2782 cmd = exec.Command(dockerBinary, "run", "-d", "-p", ":80", "busybox", "top") 2783 out, _, err = runCommandWithOutput(cmd) 2784 if err != nil { 2785 c.Fatalf(out, err) 2786 } 2787 id = strings.TrimSpace(out) 2788 cmd = exec.Command(dockerBinary, "port", id) 2789 out, _, err = runCommandWithOutput(cmd) 2790 if err != nil { 2791 c.Fatal(out, err) 2792 } 2793 } 2794 2795 func (s *DockerSuite) TestRunTtyWithPipe(c *check.C) { 2796 errChan := make(chan error) 2797 go func() { 2798 defer close(errChan) 2799 2800 cmd := exec.Command(dockerBinary, "run", "-ti", "busybox", "true") 2801 if _, err := cmd.StdinPipe(); err != nil { 2802 errChan <- err 2803 return 2804 } 2805 2806 expected := "cannot enable tty mode" 2807 if out, _, err := runCommandWithOutput(cmd); err == nil { 2808 errChan <- fmt.Errorf("run should have failed") 2809 return 2810 } else if !strings.Contains(out, expected) { 2811 errChan <- fmt.Errorf("run failed with error %q: expected %q", out, expected) 2812 return 2813 } 2814 }() 2815 2816 select { 2817 case err := <-errChan: 2818 c.Assert(err, check.IsNil) 2819 case <-time.After(3 * time.Second): 2820 c.Fatal("container is running but should have failed") 2821 } 2822 } 2823 2824 func (s *DockerSuite) TestRunNonLocalMacAddress(c *check.C) { 2825 addr := "00:16:3E:08:00:50" 2826 2827 cmd := exec.Command(dockerBinary, "run", "--mac-address", addr, "busybox", "ifconfig") 2828 if out, _, err := runCommandWithOutput(cmd); err != nil || !strings.Contains(out, addr) { 2829 c.Fatalf("Output should have contained %q: %s, %v", addr, out, err) 2830 } 2831 } 2832 2833 func (s *DockerSuite) TestRunNetHost(c *check.C) { 2834 testRequires(c, SameHostDaemon) 2835 2836 hostNet, err := os.Readlink("/proc/1/ns/net") 2837 if err != nil { 2838 c.Fatal(err) 2839 } 2840 2841 cmd := exec.Command(dockerBinary, "run", "--net=host", "busybox", "readlink", "/proc/self/ns/net") 2842 out2, _, err := runCommandWithOutput(cmd) 2843 if err != nil { 2844 c.Fatal(err, out2) 2845 } 2846 2847 out2 = strings.Trim(out2, "\n") 2848 if hostNet != out2 { 2849 c.Fatalf("Net namespace different with --net=host %s != %s\n", hostNet, out2) 2850 } 2851 2852 cmd = exec.Command(dockerBinary, "run", "busybox", "readlink", "/proc/self/ns/net") 2853 out2, _, err = runCommandWithOutput(cmd) 2854 if err != nil { 2855 c.Fatal(err, out2) 2856 } 2857 2858 out2 = strings.Trim(out2, "\n") 2859 if hostNet == out2 { 2860 c.Fatalf("Net namespace should be different without --net=host %s == %s\n", hostNet, out2) 2861 } 2862 } 2863 2864 func (s *DockerSuite) TestRunNetContainerWhichHost(c *check.C) { 2865 testRequires(c, SameHostDaemon) 2866 2867 hostNet, err := os.Readlink("/proc/1/ns/net") 2868 if err != nil { 2869 c.Fatal(err) 2870 } 2871 2872 cmd := exec.Command(dockerBinary, "run", "-d", "--net=host", "--name=test", "busybox", "top") 2873 out, _, err := runCommandWithOutput(cmd) 2874 if err != nil { 2875 c.Fatal(err, out) 2876 } 2877 2878 cmd = exec.Command(dockerBinary, "run", "--net=container:test", "busybox", "readlink", "/proc/self/ns/net") 2879 out, _, err = runCommandWithOutput(cmd) 2880 if err != nil { 2881 c.Fatal(err, out) 2882 } 2883 2884 out = strings.Trim(out, "\n") 2885 if hostNet != out { 2886 c.Fatalf("Container should have host network namespace") 2887 } 2888 } 2889 2890 func (s *DockerSuite) TestRunAllowPortRangeThroughPublish(c *check.C) { 2891 cmd := exec.Command(dockerBinary, "run", "-d", "--expose", "3000-3003", "-p", "3000-3003", "busybox", "top") 2892 out, _, err := runCommandWithOutput(cmd) 2893 2894 id := strings.TrimSpace(out) 2895 portstr, err := inspectFieldJSON(id, "NetworkSettings.Ports") 2896 c.Assert(err, check.IsNil) 2897 var ports nat.PortMap 2898 err = unmarshalJSON([]byte(portstr), &ports) 2899 for port, binding := range ports { 2900 portnum, _ := strconv.Atoi(strings.Split(string(port), "/")[0]) 2901 if portnum < 3000 || portnum > 3003 { 2902 c.Fatalf("Port %d is out of range ", portnum) 2903 } 2904 if binding == nil || len(binding) != 1 || len(binding[0].HostPort) == 0 { 2905 c.Fatal("Port is not mapped for the port "+port, out) 2906 } 2907 } 2908 } 2909 2910 func (s *DockerSuite) TestRunOOMExitCode(c *check.C) { 2911 errChan := make(chan error) 2912 go func() { 2913 defer close(errChan) 2914 runCmd := exec.Command(dockerBinary, "run", "-m", "4MB", "busybox", "sh", "-c", "x=a; while true; do x=$x$x$x$x; done") 2915 out, exitCode, _ := runCommandWithOutput(runCmd) 2916 if expected := 137; exitCode != expected { 2917 errChan <- fmt.Errorf("wrong exit code for OOM container: expected %d, got %d (output: %q)", expected, exitCode, out) 2918 } 2919 }() 2920 2921 select { 2922 case err := <-errChan: 2923 c.Assert(err, check.IsNil) 2924 case <-time.After(30 * time.Second): 2925 c.Fatal("Timeout waiting for container to die on OOM") 2926 } 2927 } 2928 2929 func (s *DockerSuite) TestRunSetDefaultRestartPolicy(c *check.C) { 2930 runCmd := exec.Command(dockerBinary, "run", "-d", "--name", "test", "busybox", "top") 2931 if out, _, err := runCommandWithOutput(runCmd); err != nil { 2932 c.Fatalf("failed to run container: %v, output: %q", err, out) 2933 } 2934 out, err := inspectField("test", "HostConfig.RestartPolicy.Name") 2935 c.Assert(err, check.IsNil) 2936 if out != "no" { 2937 c.Fatalf("Set default restart policy failed") 2938 } 2939 } 2940 2941 func (s *DockerSuite) TestRunRestartMaxRetries(c *check.C) { 2942 out, err := exec.Command(dockerBinary, "run", "-d", "--restart=on-failure:3", "busybox", "false").CombinedOutput() 2943 if err != nil { 2944 c.Fatal(string(out), err) 2945 } 2946 id := strings.TrimSpace(string(out)) 2947 if err := waitInspect(id, "{{ .State.Restarting }} {{ .State.Running }}", "false false", 10); err != nil { 2948 c.Fatal(err) 2949 } 2950 count, err := inspectField(id, "RestartCount") 2951 c.Assert(err, check.IsNil) 2952 if count != "3" { 2953 c.Fatalf("Container was restarted %s times, expected %d", count, 3) 2954 } 2955 MaximumRetryCount, err := inspectField(id, "HostConfig.RestartPolicy.MaximumRetryCount") 2956 c.Assert(err, check.IsNil) 2957 if MaximumRetryCount != "3" { 2958 c.Fatalf("Container Maximum Retry Count is %s, expected %s", MaximumRetryCount, "3") 2959 } 2960 } 2961 2962 func (s *DockerSuite) TestRunContainerWithWritableRootfs(c *check.C) { 2963 out, err := exec.Command(dockerBinary, "run", "--rm", "busybox", "touch", "/file").CombinedOutput() 2964 if err != nil { 2965 c.Fatal(string(out), err) 2966 } 2967 } 2968 2969 func (s *DockerSuite) TestRunContainerWithReadonlyRootfs(c *check.C) { 2970 testRequires(c, NativeExecDriver) 2971 2972 for _, f := range []string{"/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname"} { 2973 testReadOnlyFile(f, c) 2974 } 2975 } 2976 2977 func testReadOnlyFile(filename string, c *check.C) { 2978 testRequires(c, NativeExecDriver) 2979 2980 out, err := exec.Command(dockerBinary, "run", "--read-only", "--rm", "busybox", "touch", filename).CombinedOutput() 2981 if err == nil { 2982 c.Fatal("expected container to error on run with read only error") 2983 } 2984 expected := "Read-only file system" 2985 if !strings.Contains(string(out), expected) { 2986 c.Fatalf("expected output from failure to contain %s but contains %s", expected, out) 2987 } 2988 } 2989 2990 func (s *DockerSuite) TestRunContainerWithReadonlyEtcHostsAndLinkedContainer(c *check.C) { 2991 testRequires(c, NativeExecDriver) 2992 2993 _, err := runCommand(exec.Command(dockerBinary, "run", "-d", "--name", "test-etc-hosts-ro-linked", "busybox", "top")) 2994 c.Assert(err, check.IsNil) 2995 2996 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "--read-only", "--link", "test-etc-hosts-ro-linked:testlinked", "busybox", "cat", "/etc/hosts")) 2997 c.Assert(err, check.IsNil) 2998 2999 if !strings.Contains(string(out), "testlinked") { 3000 c.Fatal("Expected /etc/hosts to be updated even if --read-only enabled") 3001 } 3002 } 3003 3004 func (s *DockerSuite) TestRunContainerWithReadonlyRootfsWithDnsFlag(c *check.C) { 3005 testRequires(c, NativeExecDriver) 3006 3007 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "--read-only", "--dns", "1.1.1.1", "busybox", "/bin/cat", "/etc/resolv.conf")) 3008 c.Assert(err, check.IsNil) 3009 3010 if !strings.Contains(string(out), "1.1.1.1") { 3011 c.Fatal("Expected /etc/resolv.conf to be updated even if --read-only enabled and --dns flag used") 3012 } 3013 } 3014 3015 func (s *DockerSuite) TestRunContainerWithReadonlyRootfsWithAddHostFlag(c *check.C) { 3016 testRequires(c, NativeExecDriver) 3017 3018 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "--read-only", "--add-host", "testreadonly:127.0.0.1", "busybox", "/bin/cat", "/etc/hosts")) 3019 c.Assert(err, check.IsNil) 3020 3021 if !strings.Contains(string(out), "testreadonly") { 3022 c.Fatal("Expected /etc/hosts to be updated even if --read-only enabled and --add-host flag used") 3023 } 3024 } 3025 3026 func (s *DockerSuite) TestRunVolumesFromRestartAfterRemoved(c *check.C) { 3027 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "-d", "--name", "voltest", "-v", "/foo", "busybox")) 3028 if err != nil { 3029 c.Fatal(out, err) 3030 } 3031 3032 out, _, err = runCommandWithOutput(exec.Command(dockerBinary, "run", "-d", "--name", "restarter", "--volumes-from", "voltest", "busybox", "top")) 3033 if err != nil { 3034 c.Fatal(out, err) 3035 } 3036 3037 // Remove the main volume container and restart the consuming container 3038 out, _, err = runCommandWithOutput(exec.Command(dockerBinary, "rm", "-f", "voltest")) 3039 if err != nil { 3040 c.Fatal(out, err) 3041 } 3042 3043 // This should not fail since the volumes-from were already applied 3044 out, _, err = runCommandWithOutput(exec.Command(dockerBinary, "restart", "restarter")) 3045 if err != nil { 3046 c.Fatalf("expected container to restart successfully: %v\n%s", err, out) 3047 } 3048 } 3049 3050 // run container with --rm should remove container if exit code != 0 3051 func (s *DockerSuite) TestRunContainerWithRmFlagExitCodeNotEqualToZero(c *check.C) { 3052 name := "flowers" 3053 runCmd := exec.Command(dockerBinary, "run", "--name", name, "--rm", "busybox", "ls", "/notexists") 3054 out, _, err := runCommandWithOutput(runCmd) 3055 if err == nil { 3056 c.Fatal("Expected docker run to fail", out, err) 3057 } 3058 3059 out, err = getAllContainers() 3060 if err != nil { 3061 c.Fatal(out, err) 3062 } 3063 3064 if out != "" { 3065 c.Fatal("Expected not to have containers", out) 3066 } 3067 } 3068 3069 func (s *DockerSuite) TestRunContainerWithRmFlagCannotStartContainer(c *check.C) { 3070 name := "sparkles" 3071 runCmd := exec.Command(dockerBinary, "run", "--name", name, "--rm", "busybox", "commandNotFound") 3072 out, _, err := runCommandWithOutput(runCmd) 3073 if err == nil { 3074 c.Fatal("Expected docker run to fail", out, err) 3075 } 3076 3077 out, err = getAllContainers() 3078 if err != nil { 3079 c.Fatal(out, err) 3080 } 3081 3082 if out != "" { 3083 c.Fatal("Expected not to have containers", out) 3084 } 3085 } 3086 3087 func (s *DockerSuite) TestRunPidHostWithChildIsKillable(c *check.C) { 3088 name := "ibuildthecloud" 3089 if out, err := exec.Command(dockerBinary, "run", "-d", "--pid=host", "--name", name, "busybox", "sh", "-c", "sleep 30; echo hi").CombinedOutput(); err != nil { 3090 c.Fatal(err, out) 3091 } 3092 time.Sleep(1 * time.Second) 3093 errchan := make(chan error) 3094 go func() { 3095 if out, err := exec.Command(dockerBinary, "kill", name).CombinedOutput(); err != nil { 3096 errchan <- fmt.Errorf("%v:\n%s", err, out) 3097 } 3098 close(errchan) 3099 }() 3100 select { 3101 case err := <-errchan: 3102 c.Assert(err, check.IsNil) 3103 case <-time.After(5 * time.Second): 3104 c.Fatal("Kill container timed out") 3105 } 3106 } 3107 3108 func (s *DockerSuite) TestRunWithTooSmallMemoryLimit(c *check.C) { 3109 // this memory limit is 1 byte less than the min, which is 4MB 3110 // https://github.com/docker/docker/blob/v1.5.0/daemon/create.go#L22 3111 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "-m", "4194303", "busybox")) 3112 if err == nil || !strings.Contains(out, "Minimum memory limit allowed is 4MB") { 3113 c.Fatalf("expected run to fail when using too low a memory limit: %q", out) 3114 } 3115 } 3116 3117 func (s *DockerSuite) TestRunWriteToProcAsound(c *check.C) { 3118 code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 111 >> /proc/asound/version")) 3119 if err == nil || code == 0 { 3120 c.Fatal("standard container should not be able to write to /proc/asound") 3121 } 3122 } 3123 3124 func (s *DockerSuite) TestRunReadProcTimer(c *check.C) { 3125 testRequires(c, NativeExecDriver) 3126 out, code, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "busybox", "cat", "/proc/timer_stats")) 3127 if err != nil || code != 0 { 3128 c.Fatal(err) 3129 } 3130 if strings.Trim(out, "\n ") != "" { 3131 c.Fatalf("expected to receive no output from /proc/timer_stats but received %q", out) 3132 } 3133 } 3134 3135 func (s *DockerSuite) TestRunReadProcLatency(c *check.C) { 3136 testRequires(c, NativeExecDriver) 3137 // some kernels don't have this configured so skip the test if this file is not found 3138 // on the host running the tests. 3139 if _, err := os.Stat("/proc/latency_stats"); err != nil { 3140 c.Skip("kernel doesnt have latency_stats configured") 3141 return 3142 } 3143 out, code, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "busybox", "cat", "/proc/latency_stats")) 3144 if err != nil || code != 0 { 3145 c.Fatal(err) 3146 } 3147 if strings.Trim(out, "\n ") != "" { 3148 c.Fatalf("expected to receive no output from /proc/latency_stats but received %q", out) 3149 } 3150 } 3151 3152 func (s *DockerSuite) TestMountIntoProc(c *check.C) { 3153 testRequires(c, NativeExecDriver) 3154 code, err := runCommand(exec.Command(dockerBinary, "run", "-v", "/proc//sys", "busybox", "true")) 3155 if err == nil || code == 0 { 3156 c.Fatal("container should not be able to mount into /proc") 3157 } 3158 } 3159 3160 func (s *DockerSuite) TestMountIntoSys(c *check.C) { 3161 testRequires(c, NativeExecDriver) 3162 _, err := runCommand(exec.Command(dockerBinary, "run", "-v", "/sys/fs/cgroup", "busybox", "true")) 3163 if err != nil { 3164 c.Fatal("container should be able to mount into /sys/fs/cgroup") 3165 } 3166 } 3167 3168 func (s *DockerSuite) TestTwoContainersInNetHost(c *check.C) { 3169 dockerCmd(c, "run", "-d", "--net=host", "--name=first", "busybox", "top") 3170 dockerCmd(c, "run", "-d", "--net=host", "--name=second", "busybox", "top") 3171 dockerCmd(c, "stop", "first") 3172 dockerCmd(c, "stop", "second") 3173 } 3174 3175 func (s *DockerSuite) TestRunUnshareProc(c *check.C) { 3176 testRequires(c, Apparmor, NativeExecDriver) 3177 3178 name := "acidburn" 3179 runCmd := exec.Command(dockerBinary, "run", "--name", name, "jess/unshare", "unshare", "-p", "-m", "-f", "-r", "--mount-proc=/proc", "mount") 3180 if out, _, err := runCommandWithOutput(runCmd); err == nil || !strings.Contains(out, "Permission denied") { 3181 c.Fatalf("unshare should have failed with permission denied, got: %s, %v", out, err) 3182 } 3183 3184 name = "cereal" 3185 runCmd = exec.Command(dockerBinary, "run", "--name", name, "jess/unshare", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc") 3186 if out, _, err := runCommandWithOutput(runCmd); err == nil || !strings.Contains(out, "Permission denied") { 3187 c.Fatalf("unshare should have failed with permission denied, got: %s, %v", out, err) 3188 } 3189 } 3190 3191 func (s *DockerSuite) TestRunPublishPort(c *check.C) { 3192 out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "-d", "--name", "test", "--expose", "8080", "busybox", "top")) 3193 c.Assert(err, check.IsNil) 3194 out, _, err = runCommandWithOutput(exec.Command(dockerBinary, "port", "test")) 3195 c.Assert(err, check.IsNil) 3196 out = strings.Trim(out, "\r\n") 3197 if out != "" { 3198 c.Fatalf("run without --publish-all should not publish port, out should be nil, but got: %s", out) 3199 } 3200 } 3201 3202 // Issue #10184. 3203 func (s *DockerSuite) TestDevicePermissions(c *check.C) { 3204 testRequires(c, NativeExecDriver) 3205 const permissions = "crw-rw-rw-" 3206 out, status := dockerCmd(c, "run", "--device", "/dev/fuse:/dev/fuse:mrw", "busybox:latest", "ls", "-l", "/dev/fuse") 3207 if status != 0 { 3208 c.Fatalf("expected status 0, got %d", status) 3209 } 3210 if !strings.HasPrefix(out, permissions) { 3211 c.Fatalf("output should begin with %q, got %q", permissions, out) 3212 } 3213 }