github.com/xdlianrong208/docker-ce-comments@v17.12.1-ce-rc2+incompatible/components/engine/integration-cli/docker_api_containers_unix_test.go

github.com/xdlianrong208/docker-ce-comments@v17.12.1-ce-rc2+incompatible/components/engine/integration-cli/docker_api_containers_unix_test.go (about)

     1  // +build !windows
     2  
     3  package main
     4  
     5  import (
     6  	"io/ioutil"
     7  	"os"
     8  	"path/filepath"
     9  
    10  	"github.com/docker/docker/api/types"
    11  	containertypes "github.com/docker/docker/api/types/container"
    12  	mounttypes "github.com/docker/docker/api/types/mount"
    13  	networktypes "github.com/docker/docker/api/types/network"
    14  	"github.com/docker/docker/client"
    15  	"github.com/docker/docker/integration-cli/checker"
    16  	"github.com/docker/docker/pkg/ioutils"
    17  	"github.com/docker/docker/pkg/system"
    18  	"github.com/go-check/check"
    19  	"github.com/stretchr/testify/assert"
    20  	"golang.org/x/net/context"
    21  )
    22  
    23  func (s *DockerSuite) TestContainersAPINetworkMountsNoChown(c *check.C) {
    24  	// chown only applies to Linux bind mounted volumes; must be same host to verify
    25  	testRequires(c, DaemonIsLinux, SameHostDaemon)
    26  
    27  	tmpDir, err := ioutils.TempDir("", "test-network-mounts")
    28  	c.Assert(err, checker.IsNil)
    29  	defer os.RemoveAll(tmpDir)
    30  
    31  	// make tmp dir readable by anyone to allow userns process to mount from
    32  	err = os.Chmod(tmpDir, 0755)
    33  	c.Assert(err, checker.IsNil)
    34  	// create temp files to use as network mounts
    35  	tmpNWFileMount := filepath.Join(tmpDir, "nwfile")
    36  
    37  	err = ioutil.WriteFile(tmpNWFileMount, []byte("network file bind mount"), 0644)
    38  	c.Assert(err, checker.IsNil)
    39  
    40  	config := containertypes.Config{
    41  		Image: "busybox",
    42  	}
    43  	hostConfig := containertypes.HostConfig{
    44  		Mounts: []mounttypes.Mount{
    45  			{
    46  				Type:   "bind",
    47  				Source: tmpNWFileMount,
    48  				Target: "/etc/resolv.conf",
    49  			},
    50  			{
    51  				Type:   "bind",
    52  				Source: tmpNWFileMount,
    53  				Target: "/etc/hostname",
    54  			},
    55  			{
    56  				Type:   "bind",
    57  				Source: tmpNWFileMount,
    58  				Target: "/etc/hosts",
    59  			},
    60  		},
    61  	}
    62  
    63  	cli, err := client.NewEnvClient()
    64  	c.Assert(err, checker.IsNil)
    65  	defer cli.Close()
    66  
    67  	ctrCreate, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
    68  	c.Assert(err, checker.IsNil)
    69  	// container will exit immediately because of no tty, but we only need the start sequence to test the condition
    70  	err = cli.ContainerStart(context.Background(), ctrCreate.ID, types.ContainerStartOptions{})
    71  	c.Assert(err, checker.IsNil)
    72  
    73  	// check that host-located bind mount network file did not change ownership when the container was started
    74  	statT, err := system.Stat(tmpNWFileMount)
    75  	c.Assert(err, checker.IsNil)
    76  	assert.Equal(c, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root")
    77  }