ecdbc1a0 |
// +build !test_no_exec
|
42dafe4b |
package main
import (
"bufio" |
9462dbb2 |
"fmt" |
72b75cd4 |
"net/http" |
16562406 |
"os" |
42dafe4b |
"os/exec" |
9462dbb2 |
"reflect" |
f7541b00 |
"runtime" |
9462dbb2 |
"sort" |
42dafe4b |
"strings" |
9462dbb2 |
"sync" |
42dafe4b |
"time" |
dc944ea7 |
|
9077c896 |
"github.com/docker/docker/pkg/integration/checker" |
dc944ea7 |
"github.com/go-check/check" |
42dafe4b |
)
|
dc944ea7 |
func (s *DockerSuite) TestExec(c *check.C) { |
f9a3558a |
testRequires(c, DaemonIsLinux) |
0a7755ab |
out, _ := dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "sh", "-c", "echo test > /tmp/file && top")
c.Assert(waitRun(strings.TrimSpace(out)), check.IsNil) |
70407ce4 |
|
0a7755ab |
out, _ = dockerCmd(c, "exec", "testing", "cat", "/tmp/file") |
42dafe4b |
out = strings.Trim(out, "\r\n") |
9120a1fc |
c.Assert(out, checker.Equals, "test") |
42dafe4b |
}
|
dc944ea7 |
func (s *DockerSuite) TestExecInteractive(c *check.C) { |
f9a3558a |
testRequires(c, DaemonIsLinux) |
668e2369 |
dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "sh", "-c", "echo test > /tmp/file && top") |
42dafe4b |
execCmd := exec.Command(dockerBinary, "exec", "-i", "testing", "sh")
stdin, err := execCmd.StdinPipe() |
9120a1fc |
c.Assert(err, checker.IsNil) |
42dafe4b |
stdout, err := execCmd.StdoutPipe() |
9120a1fc |
c.Assert(err, checker.IsNil) |
42dafe4b |
|
9120a1fc |
err = execCmd.Start()
c.Assert(err, checker.IsNil)
_, err = stdin.Write([]byte("cat /tmp/file\n"))
c.Assert(err, checker.IsNil) |
42dafe4b |
r := bufio.NewReader(stdout)
line, err := r.ReadString('\n') |
9120a1fc |
c.Assert(err, checker.IsNil) |
42dafe4b |
line = strings.TrimSpace(line) |
9120a1fc |
c.Assert(line, checker.Equals, "test")
err = stdin.Close()
c.Assert(err, checker.IsNil) |
4203230c |
errChan := make(chan error) |
42dafe4b |
go func() { |
4203230c |
errChan <- execCmd.Wait()
close(errChan) |
42dafe4b |
}()
select { |
4203230c |
case err := <-errChan: |
9120a1fc |
c.Assert(err, checker.IsNil) |
42dafe4b |
case <-time.After(1 * time.Second): |
dc944ea7 |
c.Fatal("docker exec failed to exit on stdin close") |
42dafe4b |
}
}
|
dc944ea7 |
func (s *DockerSuite) TestExecAfterContainerRestart(c *check.C) { |
46e41dc2 |
testRequires(c, DaemonIsLinux) |
0a7755ab |
out, _ := runSleepingContainer(c) |
475c6531 |
cleanedContainerID := strings.TrimSpace(out) |
2a5f04dc |
c.Assert(waitRun(cleanedContainerID), check.IsNil) |
668e2369 |
dockerCmd(c, "restart", cleanedContainerID) |
2a5f04dc |
c.Assert(waitRun(cleanedContainerID), check.IsNil) |
42dafe4b |
|
668e2369 |
out, _ = dockerCmd(c, "exec", cleanedContainerID, "echo", "hello") |
42dafe4b |
outStr := strings.TrimSpace(out) |
9120a1fc |
c.Assert(outStr, checker.Equals, "hello") |
42dafe4b |
}
|
57464c32 |
func (s *DockerDaemonSuite) TestExecAfterDaemonRestart(c *check.C) { |
a9379b4a |
// TODO Windows CI: Requires a little work to get this ported. |
f9a3558a |
testRequires(c, DaemonIsLinux) |
dc944ea7 |
testRequires(c, SameHostDaemon) |
70407ce4 |
|
9120a1fc |
err := s.d.StartWithBusybox()
c.Assert(err, checker.IsNil) |
42dafe4b |
|
9120a1fc |
out, err := s.d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top")
c.Assert(err, checker.IsNil, check.Commentf("Could not run top: %s", out)) |
42dafe4b |
|
9120a1fc |
err = s.d.Restart()
c.Assert(err, checker.IsNil, check.Commentf("Could not restart daemon")) |
42dafe4b |
|
9120a1fc |
out, err = s.d.Cmd("start", "top")
c.Assert(err, checker.IsNil, check.Commentf("Could not start top after daemon restart: %s", out)) |
42dafe4b |
|
9120a1fc |
out, err = s.d.Cmd("exec", "top", "echo", "hello")
c.Assert(err, checker.IsNil, check.Commentf("Could not exec on container top: %s", out)) |
42dafe4b |
outStr := strings.TrimSpace(string(out)) |
9120a1fc |
c.Assert(outStr, checker.Equals, "hello") |
42dafe4b |
} |
2bceaae4 |
|
906974b1 |
// Regression test for #9155, #9044 |
dc944ea7 |
func (s *DockerSuite) TestExecEnv(c *check.C) { |
a9379b4a |
// TODO Windows CI: This one is interesting and may just end up being a feature
// difference between Windows and Linux. On Windows, the environment is passed
// into the process that is launched, not into the machine environment. Hence
// a subsequent exec will not have LALA set/ |
f9a3558a |
testRequires(c, DaemonIsLinux) |
a9379b4a |
runSleepingContainer(c, "-e", "LALA=value1", "-e", "LALA=value2", "-d", "--name", "testing") |
6d974ec1 |
c.Assert(waitRun("testing"), check.IsNil) |
2bceaae4 |
|
668e2369 |
out, _ := dockerCmd(c, "exec", "testing", "env") |
9120a1fc |
c.Assert(out, checker.Not(checker.Contains), "LALA=value1")
c.Assert(out, checker.Contains, "LALA=value2")
c.Assert(out, checker.Contains, "HOME=/root") |
2bceaae4 |
} |
90928eb1 |
|
dc944ea7 |
func (s *DockerSuite) TestExecExitStatus(c *check.C) { |
a9379b4a |
runSleepingContainer(c, "-d", "--name", "top") |
90928eb1 |
// Test normal (non-detached) case first
cmd := exec.Command(dockerBinary, "exec", "top", "sh", "-c", "exit 23")
ec, _ := runCommand(cmd) |
9120a1fc |
c.Assert(ec, checker.Equals, 23) |
90928eb1 |
} |
1bb02117 |
|
dc944ea7 |
func (s *DockerSuite) TestExecPausedContainer(c *check.C) { |
a9379b4a |
// Windows does not support pause |
f9a3558a |
testRequires(c, DaemonIsLinux) |
1bb02117 |
defer unpauseAllContainers()
|
668e2369 |
out, _ := dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "top") |
475c6531 |
ContainerID := strings.TrimSpace(out) |
1bb02117 |
|
668e2369 |
dockerCmd(c, "pause", "testing") |
693ba98c |
out, _, err := dockerCmdWithError("exec", "-i", "-t", ContainerID, "echo", "hello") |
9120a1fc |
c.Assert(err, checker.NotNil, check.Commentf("container should fail to exec new conmmand if it is paused")) |
1bb02117 |
expected := ContainerID + " is paused, unpause the container before exec" |
9120a1fc |
c.Assert(out, checker.Contains, expected, check.Commentf("container should not exec new command if it is paused")) |
1bb02117 |
} |
243a640d |
// regression test for #9476 |
e151ad93 |
func (s *DockerSuite) TestExecTTYCloseStdin(c *check.C) { |
a9379b4a |
// TODO Windows CI: This requires some work to port to Windows. |
f9a3558a |
testRequires(c, DaemonIsLinux) |
668e2369 |
dockerCmd(c, "run", "-d", "-it", "--name", "exec_tty_stdin", "busybox") |
243a640d |
|
668e2369 |
cmd := exec.Command(dockerBinary, "exec", "-i", "exec_tty_stdin", "cat") |
243a640d |
stdinRw, err := cmd.StdinPipe() |
9120a1fc |
c.Assert(err, checker.IsNil) |
243a640d |
stdinRw.Write([]byte("test"))
stdinRw.Close()
|
9120a1fc |
out, _, err := runCommandWithOutput(cmd)
c.Assert(err, checker.IsNil, check.Commentf(out)) |
243a640d |
|
9120a1fc |
out, _ = dockerCmd(c, "top", "exec_tty_stdin") |
243a640d |
outArr := strings.Split(out, "\n") |
9120a1fc |
c.Assert(len(outArr), checker.LessOrEqualThan, 3, check.Commentf("exec process left running"))
c.Assert(out, checker.Not(checker.Contains), "nsenter-exec") |
243a640d |
} |
67e3ddb7 |
|
e151ad93 |
func (s *DockerSuite) TestExecTTYWithoutStdin(c *check.C) { |
a9379b4a |
// TODO Windows CI: This requires some work to port to Windows. |
f9a3558a |
testRequires(c, DaemonIsLinux) |
668e2369 |
out, _ := dockerCmd(c, "run", "-d", "-ti", "busybox") |
67e3ddb7 |
id := strings.TrimSpace(out) |
9120a1fc |
c.Assert(waitRun(id), checker.IsNil) |
67e3ddb7 |
|
4203230c |
errChan := make(chan error) |
67e3ddb7 |
go func() { |
4203230c |
defer close(errChan) |
67e3ddb7 |
cmd := exec.Command(dockerBinary, "exec", "-ti", id, "true")
if _, err := cmd.StdinPipe(); err != nil { |
4203230c |
errChan <- err
return |
67e3ddb7 |
}
|
f7541b00 |
expected := "the input device is not a TTY"
if runtime.GOOS == "windows" {
expected += ". If you are using mintty, try prefixing the command with 'winpty'"
} |
67e3ddb7 |
if out, _, err := runCommandWithOutput(cmd); err == nil { |
4203230c |
errChan <- fmt.Errorf("exec should have failed")
return |
67e3ddb7 |
} else if !strings.Contains(out, expected) { |
4203230c |
errChan <- fmt.Errorf("exec failed with error %q: expected %q", out, expected)
return |
67e3ddb7 |
}
}()
select { |
4203230c |
case err := <-errChan:
c.Assert(err, check.IsNil) |
67e3ddb7 |
case <-time.After(3 * time.Second): |
dc944ea7 |
c.Fatal("exec is running but should have failed") |
67e3ddb7 |
}
} |
7fdbd90f |
|
dc944ea7 |
func (s *DockerSuite) TestExecParseError(c *check.C) { |
a9379b4a |
// TODO Windows CI: Requires some extra work. Consider copying the
// runSleepingContainer helper to have an exec version. |
f9a3558a |
testRequires(c, DaemonIsLinux) |
668e2369 |
dockerCmd(c, "run", "-d", "--name", "top", "busybox", "top") |
7fdbd90f |
// Test normal (non-detached) case first
cmd := exec.Command(dockerBinary, "exec", "top") |
9120a1fc |
_, stderr, _, err := runCommandWithStdoutStderr(cmd)
c.Assert(err, checker.NotNil)
c.Assert(stderr, checker.Contains, "See '"+dockerBinary+" exec --help'") |
7fdbd90f |
} |
eda92e88 |
|
dc944ea7 |
func (s *DockerSuite) TestExecStopNotHanging(c *check.C) { |
a9379b4a |
// TODO Windows CI: Requires some extra work. Consider copying the
// runSleepingContainer helper to have an exec version. |
f9a3558a |
testRequires(c, DaemonIsLinux) |
668e2369 |
dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "top") |
eda92e88 |
|
9120a1fc |
err := exec.Command(dockerBinary, "exec", "testing", "top").Start()
c.Assert(err, checker.IsNil) |
eda92e88 |
|
4203230c |
type dstop struct {
out []byte
err error
}
ch := make(chan dstop) |
eda92e88 |
go func() { |
4203230c |
out, err := exec.Command(dockerBinary, "stop", "testing").CombinedOutput()
ch <- dstop{out, err}
close(ch) |
eda92e88 |
}()
select {
case <-time.After(3 * time.Second): |
dc944ea7 |
c.Fatal("Container stop timed out") |
4203230c |
case s := <-ch:
c.Assert(s.err, check.IsNil) |
eda92e88 |
}
} |
9462dbb2 |
|
dc944ea7 |
func (s *DockerSuite) TestExecCgroup(c *check.C) { |
a9379b4a |
// Not applicable on Windows - using Linux specific functionality |
ea3afdad |
testRequires(c, NotUserNamespace) |
f9a3558a |
testRequires(c, DaemonIsLinux) |
668e2369 |
dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "top") |
9462dbb2 |
|
668e2369 |
out, _ := dockerCmd(c, "exec", "testing", "cat", "/proc/1/cgroup")
containerCgroups := sort.StringSlice(strings.Split(out, "\n")) |
9462dbb2 |
var wg sync.WaitGroup |
dc944ea7 |
var mu sync.Mutex |
9462dbb2 |
execCgroups := []sort.StringSlice{} |
4203230c |
errChan := make(chan error) |
9462dbb2 |
// exec a few times concurrently to get consistent failure
for i := 0; i < 5; i++ {
wg.Add(1)
go func() { |
693ba98c |
out, _, err := dockerCmdWithError("exec", "testing", "cat", "/proc/self/cgroup") |
9462dbb2 |
if err != nil { |
4203230c |
errChan <- err
return |
9462dbb2 |
} |
668e2369 |
cg := sort.StringSlice(strings.Split(out, "\n")) |
9462dbb2 |
|
dc944ea7 |
mu.Lock() |
9462dbb2 |
execCgroups = append(execCgroups, cg) |
dc944ea7 |
mu.Unlock() |
9462dbb2 |
wg.Done()
}()
}
wg.Wait() |
4203230c |
close(errChan)
for err := range errChan { |
9120a1fc |
c.Assert(err, checker.IsNil) |
4203230c |
} |
9462dbb2 |
for _, cg := range execCgroups {
if !reflect.DeepEqual(cg, containerCgroups) {
fmt.Println("exec cgroups:")
for _, name := range cg {
fmt.Printf(" %s\n", name)
}
fmt.Println("container cgroups:")
for _, name := range containerCgroups {
fmt.Printf(" %s\n", name)
} |
dc944ea7 |
c.Fatal("cgroups mismatched") |
9462dbb2 |
}
}
} |
957cbdbf |
|
a9379b4a |
func (s *DockerSuite) TestExecInspectID(c *check.C) {
out, _ := runSleepingContainer(c, "-d") |
957cbdbf |
id := strings.TrimSuffix(out, "\n")
|
62a856e9 |
out = inspectField(c, id, "ExecIDs") |
9120a1fc |
c.Assert(out, checker.Equals, "[]", check.Commentf("ExecIDs should be empty, got: %s", out)) |
957cbdbf |
|
fe6a7c8e |
// Start an exec, have it block waiting so we can do some checking
cmd := exec.Command(dockerBinary, "exec", id, "sh", "-c", |
a9379b4a |
"while ! test -e /execid1; do sleep 1; done") |
72b75cd4 |
|
62a856e9 |
err := cmd.Start() |
9120a1fc |
c.Assert(err, checker.IsNil, check.Commentf("failed to start the exec cmd")) |
72b75cd4 |
// Give the exec 10 chances/seconds to start then give up and stop the test
tries := 10
for i := 0; i < tries; i++ { |
f06620ec |
// Since its still running we should see exec as part of the container |
8dd8ec13 |
out = strings.TrimSpace(inspectField(c, id, "ExecIDs")) |
f06620ec |
|
72b75cd4 |
if out != "[]" && out != "<no value>" {
break
} |
8dd8ec13 |
c.Assert(i+1, checker.Not(checker.Equals), tries, check.Commentf("ExecIDs still empty after 10 second")) |
72b75cd4 |
time.Sleep(1 * time.Second)
}
// Save execID for later
execID, err := inspectFilter(id, "index .ExecIDs 0") |
9120a1fc |
c.Assert(err, checker.IsNil, check.Commentf("failed to get the exec id")) |
957cbdbf |
|
fe6a7c8e |
// End the exec by creating the missing file
err = exec.Command(dockerBinary, "exec", id, |
a9379b4a |
"sh", "-c", "touch /execid1").Run() |
fe6a7c8e |
|
9120a1fc |
c.Assert(err, checker.IsNil, check.Commentf("failed to run the 2nd exec cmd")) |
fe6a7c8e |
// Wait for 1st exec to complete |
72b75cd4 |
cmd.Wait()
|
8dd8ec13 |
// Give the exec 10 chances/seconds to stop then give up and stop the test
for i := 0; i < tries; i++ {
// Since its still running we should see exec as part of the container
out = strings.TrimSpace(inspectField(c, id, "ExecIDs")) |
957cbdbf |
|
8dd8ec13 |
if out == "[]" {
break
}
c.Assert(i+1, checker.Not(checker.Equals), tries, check.Commentf("ExecIDs still not empty after 10 second"))
time.Sleep(1 * time.Second)
} |
72b75cd4 |
// But we should still be able to query the execID
sc, body, err := sockRequest("GET", "/exec/"+execID+"/json", nil) |
9120a1fc |
c.Assert(sc, checker.Equals, http.StatusOK, check.Commentf("received status != 200 OK: %d\n%s", sc, body)) |
d841b779 |
// Now delete the container and then an 'inspect' on the exec should
// result in a 404 (not 'container not running')
out, ec := dockerCmd(c, "rm", "-f", id) |
9120a1fc |
c.Assert(ec, checker.Equals, 0, check.Commentf("error removing container: %s", out)) |
d841b779 |
sc, body, err = sockRequest("GET", "/exec/"+execID+"/json", nil) |
9120a1fc |
c.Assert(sc, checker.Equals, http.StatusNotFound, check.Commentf("received status != 404: %d\n%s", sc, body)) |
957cbdbf |
} |
43d1c201 |
|
dc944ea7 |
func (s *DockerSuite) TestLinksPingLinkedContainersOnRename(c *check.C) { |
a9379b4a |
// Problematic on Windows as Windows does not support links |
f9a3558a |
testRequires(c, DaemonIsLinux) |
43d1c201 |
var out string |
dc944ea7 |
out, _ = dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top") |
475c6531 |
idA := strings.TrimSpace(out) |
9120a1fc |
c.Assert(idA, checker.Not(checker.Equals), "", check.Commentf("%s, id should not be nil", out)) |
dc944ea7 |
out, _ = dockerCmd(c, "run", "-d", "--link", "container1:alias1", "--name", "container2", "busybox", "top") |
475c6531 |
idB := strings.TrimSpace(out) |
9120a1fc |
c.Assert(idB, checker.Not(checker.Equals), "", check.Commentf("%s, id should not be nil", out)) |
43d1c201 |
|
668e2369 |
dockerCmd(c, "exec", "container2", "ping", "-c", "1", "alias1", "-W", "1") |
dc944ea7 |
dockerCmd(c, "rename", "container1", "container_new") |
668e2369 |
dockerCmd(c, "exec", "container2", "ping", "-c", "1", "alias1", "-W", "1") |
43d1c201 |
}
|
dc944ea7 |
func (s *DockerSuite) TestRunMutableNetworkFiles(c *check.C) { |
a9379b4a |
// Not applicable on Windows to Windows CI. |
2af5034c |
testRequires(c, SameHostDaemon, DaemonIsLinux) |
6a2c6e97 |
for _, fn := range []string{"resolv.conf", "hosts"} {
deleteAllContainers()
content, err := runCommandAndReadContainerFile(fn, exec.Command(dockerBinary, "run", "-d", "--name", "c1", "busybox", "sh", "-c", fmt.Sprintf("echo success >/etc/%s && top", fn))) |
9120a1fc |
c.Assert(err, checker.IsNil) |
6a2c6e97 |
|
9120a1fc |
c.Assert(strings.TrimSpace(string(content)), checker.Equals, "success", check.Commentf("Content was not what was modified in the container", string(content))) |
6a2c6e97 |
|
668e2369 |
out, _ := dockerCmd(c, "run", "-d", "--name", "c2", "busybox", "top") |
6a2c6e97 |
contID := strings.TrimSpace(out)
netFilePath := containerStorageFile(contID, fn)
f, err := os.OpenFile(netFilePath, os.O_WRONLY|os.O_SYNC|os.O_APPEND, 0644) |
9120a1fc |
c.Assert(err, checker.IsNil) |
6a2c6e97 |
if _, err := f.Seek(0, 0); err != nil {
f.Close() |
dc944ea7 |
c.Fatal(err) |
6a2c6e97 |
}
if err := f.Truncate(0); err != nil {
f.Close() |
dc944ea7 |
c.Fatal(err) |
6a2c6e97 |
}
if _, err := f.Write([]byte("success2\n")); err != nil {
f.Close() |
dc944ea7 |
c.Fatal(err) |
6a2c6e97 |
}
f.Close()
|
668e2369 |
res, _ := dockerCmd(c, "exec", contID, "cat", "/etc/"+fn) |
9120a1fc |
c.Assert(res, checker.Equals, "success2\n") |
6a2c6e97 |
}
} |
2cce4791 |
|
dc944ea7 |
func (s *DockerSuite) TestExecWithUser(c *check.C) { |
a9379b4a |
// TODO Windows CI: This may be fixable in the future once Windows
// supports users |
f9a3558a |
testRequires(c, DaemonIsLinux) |
668e2369 |
dockerCmd(c, "run", "-d", "--name", "parent", "busybox", "top") |
2cce4791 |
|
668e2369 |
out, _ := dockerCmd(c, "exec", "-u", "1", "parent", "id") |
9120a1fc |
c.Assert(out, checker.Contains, "uid=1(daemon) gid=1(daemon)") |
2cce4791 |
|
668e2369 |
out, _ = dockerCmd(c, "exec", "-u", "root", "parent", "id") |
9120a1fc |
c.Assert(out, checker.Contains, "uid=0(root) gid=0(root)", check.Commentf("exec with user by id expected daemon user got %s", out)) |
2cce4791 |
} |
0faa4518 |
|
03f65b3d |
func (s *DockerSuite) TestExecWithPrivileged(c *check.C) { |
a9379b4a |
// Not applicable on Windows |
ea3afdad |
testRequires(c, DaemonIsLinux, NotUserNamespace) |
90326939 |
// Start main loop which attempts mknod repeatedly
dockerCmd(c, "run", "-d", "--name", "parent", "--cap-drop=ALL", "busybox", "sh", "-c", `while (true); do if [ -e /exec_priv ]; then cat /exec_priv && mknod /tmp/sda b 8 0 && echo "Success"; else echo "Privileged exec has not run yet"; fi; usleep 10000; done`) |
03f65b3d |
|
90326939 |
// Check exec mknod doesn't work
cmd := exec.Command(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdb b 8 16") |
03f65b3d |
out, _, err := runCommandWithOutput(cmd) |
9120a1fc |
c.Assert(err, checker.NotNil, check.Commentf("exec mknod in --cap-drop=ALL container without --privileged should fail"))
c.Assert(out, checker.Contains, "Operation not permitted", check.Commentf("exec mknod in --cap-drop=ALL container without --privileged should fail")) |
03f65b3d |
|
90326939 |
// Check exec mknod does work with --privileged
cmd = exec.Command(dockerBinary, "exec", "--privileged", "parent", "sh", "-c", `echo "Running exec --privileged" > /exec_priv && mknod /tmp/sdb b 8 16 && usleep 50000 && echo "Finished exec --privileged" > /exec_priv && echo ok`) |
03f65b3d |
out, _, err = runCommandWithOutput(cmd) |
9120a1fc |
c.Assert(err, checker.IsNil) |
03f65b3d |
|
9120a1fc |
actual := strings.TrimSpace(out)
c.Assert(actual, checker.Equals, "ok", check.Commentf("exec mknod in --cap-drop=ALL container with --privileged failed, output: %q", out)) |
03f65b3d |
|
90326939 |
// Check subsequent unprivileged exec cannot mknod
cmd = exec.Command(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdc b 8 32")
out, _, err = runCommandWithOutput(cmd) |
9120a1fc |
c.Assert(err, checker.NotNil, check.Commentf("repeating exec mknod in --cap-drop=ALL container after --privileged without --privileged should fail"))
c.Assert(out, checker.Contains, "Operation not permitted", check.Commentf("repeating exec mknod in --cap-drop=ALL container after --privileged without --privileged should fail")) |
90326939 |
// Confirm at no point was mknod allowed
logCmd := exec.Command(dockerBinary, "logs", "parent") |
9120a1fc |
out, _, err = runCommandWithOutput(logCmd)
c.Assert(err, checker.IsNil)
c.Assert(out, checker.Not(checker.Contains), "Success") |
90326939 |
|
03f65b3d |
}
|
0faa4518 |
func (s *DockerSuite) TestExecWithImageUser(c *check.C) { |
a9379b4a |
// Not applicable on Windows |
f9a3558a |
testRequires(c, DaemonIsLinux) |
0faa4518 |
name := "testbuilduser"
_, err := buildImage(name,
`FROM busybox
RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
USER dockerio`,
true) |
9120a1fc |
c.Assert(err, checker.IsNil) |
0faa4518 |
dockerCmd(c, "run", "-d", "--name", "dockerioexec", name, "top")
out, _ := dockerCmd(c, "exec", "dockerioexec", "whoami") |
9120a1fc |
c.Assert(out, checker.Contains, "dockerio", check.Commentf("exec with user by id expected dockerio user got %s", out)) |
0faa4518 |
} |
bfc51cf6 |
func (s *DockerSuite) TestExecOnReadonlyContainer(c *check.C) { |
a9379b4a |
// Windows does not support read-only |
ea3afdad |
// --read-only + userns has remount issues
testRequires(c, DaemonIsLinux, NotUserNamespace) |
bfc51cf6 |
dockerCmd(c, "run", "-d", "--read-only", "--name", "parent", "busybox", "top") |
9120a1fc |
dockerCmd(c, "exec", "parent", "true") |
bfc51cf6 |
} |
fcf9daad |
|
8891afd8 |
func (s *DockerSuite) TestExecUlimits(c *check.C) {
testRequires(c, DaemonIsLinux)
name := "testexeculimits"
runSleepingContainer(c, "-d", "--ulimit", "nproc=21", "--name", name)
c.Assert(waitRun(name), checker.IsNil)
out, _, err := dockerCmdWithError("exec", name, "sh", "-c", "ulimit -p")
c.Assert(err, checker.IsNil)
c.Assert(strings.TrimSpace(out), checker.Equals, "21")
}
|
fcf9daad |
// #15750
func (s *DockerSuite) TestExecStartFails(c *check.C) { |
a9379b4a |
// TODO Windows CI. This test should be portable. Figure out why it fails
// currently. |
d9f5f195 |
testRequires(c, DaemonIsLinux) |
fcf9daad |
name := "exec-15750" |
a9379b4a |
runSleepingContainer(c, "-d", "--name", name) |
9120a1fc |
c.Assert(waitRun(name), checker.IsNil) |
fcf9daad |
|
9077c896 |
out, _, err := dockerCmdWithError("exec", name, "no-such-cmd") |
9120a1fc |
c.Assert(err, checker.NotNil, check.Commentf(out)) |
9077c896 |
c.Assert(out, checker.Contains, "executable file not found") |
fcf9daad |
} |