github.com/zhouyu0/docker-note@v0.0.0-20190722021225-b8d3825084db/integration-cli/docker_cli_cp_to_container_unix_test.go (about) 1 // +build !windows 2 3 package main 4 5 import ( 6 "fmt" 7 "os" 8 "path/filepath" 9 "strconv" 10 "strings" 11 12 "github.com/docker/docker/pkg/system" 13 "github.com/go-check/check" 14 "gotest.tools/assert" 15 ) 16 17 func (s *DockerSuite) TestCpToContainerWithPermissions(c *check.C) { 18 testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux) 19 20 tmpDir := getTestDir(c, "test-cp-to-host-with-permissions") 21 defer os.RemoveAll(tmpDir) 22 23 makeTestContentInDir(c, tmpDir) 24 25 containerName := "permtest" 26 27 _, exc := dockerCmd(c, "create", "--name", containerName, "debian:jessie", "/bin/bash", "-c", "stat -c '%u %g %a' /permdirtest /permdirtest/permtest") 28 assert.Equal(c, exc, 0) 29 defer dockerCmd(c, "rm", "-f", containerName) 30 31 srcPath := cpPath(tmpDir, "permdirtest") 32 dstPath := containerCpPath(containerName, "/") 33 assert.NilError(c, runDockerCp(c, srcPath, dstPath, []string{"-a"})) 34 35 out, err := startContainerGetOutput(c, containerName) 36 assert.NilError(c, err, "output: %v", out) 37 assert.Equal(c, strings.TrimSpace(out), "2 2 700\n65534 65534 400", "output: %v", out) 38 } 39 40 // Check ownership is root, both in non-userns and userns enabled modes 41 func (s *DockerSuite) TestCpCheckDestOwnership(c *check.C) { 42 testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon) 43 tmpVolDir := getTestDir(c, "test-cp-tmpvol") 44 containerID := makeTestContainer(c, 45 testContainerOptions{volumes: []string{fmt.Sprintf("%s:/tmpvol", tmpVolDir)}}) 46 47 tmpDir := getTestDir(c, "test-cp-to-check-ownership") 48 defer os.RemoveAll(tmpDir) 49 50 makeTestContentInDir(c, tmpDir) 51 52 srcPath := cpPath(tmpDir, "file1") 53 dstPath := containerCpPath(containerID, "/tmpvol", "file1") 54 55 err := runDockerCp(c, srcPath, dstPath, nil) 56 assert.NilError(c, err) 57 58 stat, err := system.Stat(filepath.Join(tmpVolDir, "file1")) 59 assert.NilError(c, err) 60 uid, gid, err := getRootUIDGID() 61 assert.NilError(c, err) 62 assert.Equal(c, stat.UID(), uint32(uid), "Copied file not owned by container root UID") 63 assert.Equal(c, stat.GID(), uint32(gid), "Copied file not owned by container root GID") 64 } 65 66 func getRootUIDGID() (int, int, error) { 67 uidgid := strings.Split(filepath.Base(testEnv.DaemonInfo.DockerRootDir), ".") 68 if len(uidgid) == 1 { 69 //user namespace remapping is not turned on; return 0 70 return 0, 0, nil 71 } 72 uid, err := strconv.Atoi(uidgid[0]) 73 if err != nil { 74 return 0, 0, err 75 } 76 gid, err := strconv.Atoi(uidgid[1]) 77 if err != nil { 78 return 0, 0, err 79 } 80 return uid, gid, nil 81 }