// +build !test_no_exec
 

 package main
 
 import (
 	"bufio"

 	"fmt"

 	"net/http"

 	"os"

 	"os/exec"

 	"reflect"

 	"runtime"

 	"sort"

 	"strings"

 	"sync"

 	"time"

 	"github.com/docker/docker/pkg/integration/checker"

 	"github.com/go-check/check"

 )
 

 func (s *DockerSuite) TestExec(c *check.C) {

 	testRequires(c, DaemonIsLinux)

 	out, _ := dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "sh", "-c", "echo test > /tmp/file && top")
 	c.Assert(waitRun(strings.TrimSpace(out)), check.IsNil)

 	out, _ = dockerCmd(c, "exec", "testing", "cat", "/tmp/file")

 	out = strings.Trim(out, "\r\n")

 	c.Assert(out, checker.Equals, "test")

 
 }
 

 func (s *DockerSuite) TestExecInteractive(c *check.C) {

 	testRequires(c, DaemonIsLinux)

 	dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "sh", "-c", "echo test > /tmp/file && top")

 
 	execCmd := exec.Command(dockerBinary, "exec", "-i", "testing", "sh")
 	stdin, err := execCmd.StdinPipe()

 	c.Assert(err, checker.IsNil)

 	stdout, err := execCmd.StdoutPipe()

 	c.Assert(err, checker.IsNil)

 	err = execCmd.Start()
 	c.Assert(err, checker.IsNil)
 	_, err = stdin.Write([]byte("cat /tmp/file\n"))
 	c.Assert(err, checker.IsNil)

 
 	r := bufio.NewReader(stdout)
 	line, err := r.ReadString('\n')

 	c.Assert(err, checker.IsNil)

 	line = strings.TrimSpace(line)

 	c.Assert(line, checker.Equals, "test")
 	err = stdin.Close()
 	c.Assert(err, checker.IsNil)

 	errChan := make(chan error)

 	go func() {

 		errChan <- execCmd.Wait()
 		close(errChan)

 	}()
 	select {

 	case err := <-errChan:

 		c.Assert(err, checker.IsNil)

 	case <-time.After(1 * time.Second):

 		c.Fatal("docker exec failed to exit on stdin close")

 	}
 
 }
 

 func (s *DockerSuite) TestExecAfterContainerRestart(c *check.C) {

 	testRequires(c, DaemonIsLinux)

 	out, _ := runSleepingContainer(c)

 	cleanedContainerID := strings.TrimSpace(out)

 	c.Assert(waitRun(cleanedContainerID), check.IsNil)

 	dockerCmd(c, "restart", cleanedContainerID)

 	c.Assert(waitRun(cleanedContainerID), check.IsNil)

 	out, _ = dockerCmd(c, "exec", cleanedContainerID, "echo", "hello")

 	outStr := strings.TrimSpace(out)

 	c.Assert(outStr, checker.Equals, "hello")

 }
 

 func (s *DockerDaemonSuite) TestExecAfterDaemonRestart(c *check.C) {

 	// TODO Windows CI: Requires a little work to get this ported.

 	testRequires(c, DaemonIsLinux)

 	testRequires(c, SameHostDaemon)

 	err := s.d.StartWithBusybox()
 	c.Assert(err, checker.IsNil)

 	out, err := s.d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top")
 	c.Assert(err, checker.IsNil, check.Commentf("Could not run top: %s", out))

 	err = s.d.Restart()
 	c.Assert(err, checker.IsNil, check.Commentf("Could not restart daemon"))

 	out, err = s.d.Cmd("start", "top")
 	c.Assert(err, checker.IsNil, check.Commentf("Could not start top after daemon restart: %s", out))

 	out, err = s.d.Cmd("exec", "top", "echo", "hello")
 	c.Assert(err, checker.IsNil, check.Commentf("Could not exec on container top: %s", out))

 
 	outStr := strings.TrimSpace(string(out))

 	c.Assert(outStr, checker.Equals, "hello")

 }

 // Regression test for #9155, #9044

 func (s *DockerSuite) TestExecEnv(c *check.C) {

 	// TODO Windows CI: This one is interesting and may just end up being a feature
 	// difference between Windows and Linux. On Windows, the environment is passed
 	// into the process that is launched, not into the machine environment. Hence
 	// a subsequent exec will not have LALA set/

 	testRequires(c, DaemonIsLinux)

 	runSleepingContainer(c, "-e", "LALA=value1", "-e", "LALA=value2", "-d", "--name", "testing")

 	c.Assert(waitRun("testing"), check.IsNil)

 	out, _ := dockerCmd(c, "exec", "testing", "env")

 	c.Assert(out, checker.Not(checker.Contains), "LALA=value1")
 	c.Assert(out, checker.Contains, "LALA=value2")
 	c.Assert(out, checker.Contains, "HOME=/root")

 }

 func (s *DockerSuite) TestExecExitStatus(c *check.C) {

 	runSleepingContainer(c, "-d", "--name", "top")

 
 	// Test normal (non-detached) case first
 	cmd := exec.Command(dockerBinary, "exec", "top", "sh", "-c", "exit 23")
 	ec, _ := runCommand(cmd)

 	c.Assert(ec, checker.Equals, 23)

 }

 func (s *DockerSuite) TestExecPausedContainer(c *check.C) {

 	// Windows does not support pause

 	testRequires(c, DaemonIsLinux)

 	defer unpauseAllContainers()
 

 	out, _ := dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "top")

 	ContainerID := strings.TrimSpace(out)

 	dockerCmd(c, "pause", "testing")

 	out, _, err := dockerCmdWithError("exec", "-i", "-t", ContainerID, "echo", "hello")

 	c.Assert(err, checker.NotNil, check.Commentf("container should fail to exec new conmmand if it is paused"))

 
 	expected := ContainerID + " is paused, unpause the container before exec"

 	c.Assert(out, checker.Contains, expected, check.Commentf("container should not exec new command if it is paused"))

 }

 
 // regression test for #9476

 func (s *DockerSuite) TestExecTTYCloseStdin(c *check.C) {

 	// TODO Windows CI: This requires some work to port to Windows.

 	testRequires(c, DaemonIsLinux)

 	dockerCmd(c, "run", "-d", "-it", "--name", "exec_tty_stdin", "busybox")

 	cmd := exec.Command(dockerBinary, "exec", "-i", "exec_tty_stdin", "cat")

 	stdinRw, err := cmd.StdinPipe()

 	c.Assert(err, checker.IsNil)

 
 	stdinRw.Write([]byte("test"))
 	stdinRw.Close()
 

 	out, _, err := runCommandWithOutput(cmd)
 	c.Assert(err, checker.IsNil, check.Commentf(out))

 	out, _ = dockerCmd(c, "top", "exec_tty_stdin")

 	outArr := strings.Split(out, "\n")

 	c.Assert(len(outArr), checker.LessOrEqualThan, 3, check.Commentf("exec process left running"))
 	c.Assert(out, checker.Not(checker.Contains), "nsenter-exec")

 }

 func (s *DockerSuite) TestExecTTYWithoutStdin(c *check.C) {

 	// TODO Windows CI: This requires some work to port to Windows.

 	testRequires(c, DaemonIsLinux)

 	out, _ := dockerCmd(c, "run", "-d", "-ti", "busybox")

 	id := strings.TrimSpace(out)

 	c.Assert(waitRun(id), checker.IsNil)

 	errChan := make(chan error)

 	go func() {

 		defer close(errChan)

 
 		cmd := exec.Command(dockerBinary, "exec", "-ti", id, "true")
 		if _, err := cmd.StdinPipe(); err != nil {

 			errChan <- err
 			return

 		}
 

 		expected := "the input device is not a TTY"
 		if runtime.GOOS == "windows" {
 			expected += ".  If you are using mintty, try prefixing the command with 'winpty'"
 		}

 		if out, _, err := runCommandWithOutput(cmd); err == nil {

 			errChan <- fmt.Errorf("exec should have failed")
 			return

 		} else if !strings.Contains(out, expected) {

 			errChan <- fmt.Errorf("exec failed with error %q: expected %q", out, expected)
 			return

 		}
 	}()
 
 	select {

 	case err := <-errChan:
 		c.Assert(err, check.IsNil)

 	case <-time.After(3 * time.Second):

 		c.Fatal("exec is running but should have failed")

 	}
 }

 func (s *DockerSuite) TestExecParseError(c *check.C) {

 	// TODO Windows CI: Requires some extra work. Consider copying the
 	// runSleepingContainer helper to have an exec version.

 	testRequires(c, DaemonIsLinux)

 	dockerCmd(c, "run", "-d", "--name", "top", "busybox", "top")

 
 	// Test normal (non-detached) case first
 	cmd := exec.Command(dockerBinary, "exec", "top")

 	_, stderr, _, err := runCommandWithStdoutStderr(cmd)
 	c.Assert(err, checker.NotNil)
 	c.Assert(stderr, checker.Contains, "See '"+dockerBinary+" exec --help'")

 }

 func (s *DockerSuite) TestExecStopNotHanging(c *check.C) {

 	// TODO Windows CI: Requires some extra work. Consider copying the
 	// runSleepingContainer helper to have an exec version.

 	testRequires(c, DaemonIsLinux)

 	dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "top")

 	err := exec.Command(dockerBinary, "exec", "testing", "top").Start()
 	c.Assert(err, checker.IsNil)

 	type dstop struct {
 		out []byte
 		err error
 	}
 
 	ch := make(chan dstop)

 	go func() {

 		out, err := exec.Command(dockerBinary, "stop", "testing").CombinedOutput()
 		ch <- dstop{out, err}
 		close(ch)

 	}()
 	select {
 	case <-time.After(3 * time.Second):

 		c.Fatal("Container stop timed out")

 	case s := <-ch:
 		c.Assert(s.err, check.IsNil)

 	}
 }

 func (s *DockerSuite) TestExecCgroup(c *check.C) {

 	// Not applicable on Windows - using Linux specific functionality

 	testRequires(c, NotUserNamespace)

 	testRequires(c, DaemonIsLinux)

 	dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "top")

 	out, _ := dockerCmd(c, "exec", "testing", "cat", "/proc/1/cgroup")
 	containerCgroups := sort.StringSlice(strings.Split(out, "\n"))

 
 	var wg sync.WaitGroup

 	var mu sync.Mutex

 	execCgroups := []sort.StringSlice{}

 	errChan := make(chan error)

 	// exec a few times concurrently to get consistent failure
 	for i := 0; i < 5; i++ {
 		wg.Add(1)
 		go func() {

 			out, _, err := dockerCmdWithError("exec", "testing", "cat", "/proc/self/cgroup")

 			if err != nil {

 				errChan <- err
 				return

 			}

 			cg := sort.StringSlice(strings.Split(out, "\n"))

 			mu.Lock()

 			execCgroups = append(execCgroups, cg)

 			mu.Unlock()

 			wg.Done()
 		}()
 	}
 	wg.Wait()

 	close(errChan)
 
 	for err := range errChan {

 		c.Assert(err, checker.IsNil)

 	}

 
 	for _, cg := range execCgroups {
 		if !reflect.DeepEqual(cg, containerCgroups) {
 			fmt.Println("exec cgroups:")
 			for _, name := range cg {
 				fmt.Printf(" %s\n", name)
 			}
 
 			fmt.Println("container cgroups:")
 			for _, name := range containerCgroups {
 				fmt.Printf(" %s\n", name)
 			}

 			c.Fatal("cgroups mismatched")

 		}
 	}
 }

 func (s *DockerSuite) TestExecInspectID(c *check.C) {
 	out, _ := runSleepingContainer(c, "-d")

 	id := strings.TrimSuffix(out, "\n")
 

 	out = inspectField(c, id, "ExecIDs")

 	c.Assert(out, checker.Equals, "[]", check.Commentf("ExecIDs should be empty, got: %s", out))

 	// Start an exec, have it block waiting so we can do some checking
 	cmd := exec.Command(dockerBinary, "exec", id, "sh", "-c",

 		"while ! test -e /execid1; do sleep 1; done")

 	err := cmd.Start()

 	c.Assert(err, checker.IsNil, check.Commentf("failed to start the exec cmd"))

 
 	// Give the exec 10 chances/seconds to start then give up and stop the test
 	tries := 10
 	for i := 0; i < tries; i++ {

 		// Since its still running we should see exec as part of the container

 		out = strings.TrimSpace(inspectField(c, id, "ExecIDs"))

 		if out != "[]" && out != "<no value>" {
 			break
 		}

 		c.Assert(i+1, checker.Not(checker.Equals), tries, check.Commentf("ExecIDs still empty after 10 second"))

 		time.Sleep(1 * time.Second)
 	}
 
 	// Save execID for later
 	execID, err := inspectFilter(id, "index .ExecIDs 0")

 	c.Assert(err, checker.IsNil, check.Commentf("failed to get the exec id"))

 	// End the exec by creating the missing file
 	err = exec.Command(dockerBinary, "exec", id,

 		"sh", "-c", "touch /execid1").Run()

 	c.Assert(err, checker.IsNil, check.Commentf("failed to run the 2nd exec cmd"))

 
 	// Wait for 1st exec to complete

 	cmd.Wait()
 

 	// Give the exec 10 chances/seconds to stop then give up and stop the test
 	for i := 0; i < tries; i++ {
 		// Since its still running we should see exec as part of the container
 		out = strings.TrimSpace(inspectField(c, id, "ExecIDs"))

 		if out == "[]" {
 			break
 		}
 		c.Assert(i+1, checker.Not(checker.Equals), tries, check.Commentf("ExecIDs still not empty after 10 second"))
 		time.Sleep(1 * time.Second)
 	}

 
 	// But we should still be able to query the execID
 	sc, body, err := sockRequest("GET", "/exec/"+execID+"/json", nil)

 	c.Assert(sc, checker.Equals, http.StatusOK, check.Commentf("received status != 200 OK: %d\n%s", sc, body))

 
 	// Now delete the container and then an 'inspect' on the exec should
 	// result in a 404 (not 'container not running')
 	out, ec := dockerCmd(c, "rm", "-f", id)

 	c.Assert(ec, checker.Equals, 0, check.Commentf("error removing container: %s", out))

 	sc, body, err = sockRequest("GET", "/exec/"+execID+"/json", nil)

 	c.Assert(sc, checker.Equals, http.StatusNotFound, check.Commentf("received status != 404: %d\n%s", sc, body))

 }

 func (s *DockerSuite) TestLinksPingLinkedContainersOnRename(c *check.C) {

 	// Problematic on Windows as Windows does not support links

 	testRequires(c, DaemonIsLinux)

 	var out string

 	out, _ = dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")

 	idA := strings.TrimSpace(out)

 	c.Assert(idA, checker.Not(checker.Equals), "", check.Commentf("%s, id should not be nil", out))

 	out, _ = dockerCmd(c, "run", "-d", "--link", "container1:alias1", "--name", "container2", "busybox", "top")

 	idB := strings.TrimSpace(out)

 	c.Assert(idB, checker.Not(checker.Equals), "", check.Commentf("%s, id should not be nil", out))

 	dockerCmd(c, "exec", "container2", "ping", "-c", "1", "alias1", "-W", "1")

 	dockerCmd(c, "rename", "container1", "container_new")

 	dockerCmd(c, "exec", "container2", "ping", "-c", "1", "alias1", "-W", "1")

 }
 

 func (s *DockerSuite) TestRunMutableNetworkFiles(c *check.C) {

 	// Not applicable on Windows to Windows CI.

 	testRequires(c, SameHostDaemon, DaemonIsLinux)

 	for _, fn := range []string{"resolv.conf", "hosts"} {
 		deleteAllContainers()
 
 		content, err := runCommandAndReadContainerFile(fn, exec.Command(dockerBinary, "run", "-d", "--name", "c1", "busybox", "sh", "-c", fmt.Sprintf("echo success >/etc/%s && top", fn)))

 		c.Assert(err, checker.IsNil)

 		c.Assert(strings.TrimSpace(string(content)), checker.Equals, "success", check.Commentf("Content was not what was modified in the container", string(content)))

 		out, _ := dockerCmd(c, "run", "-d", "--name", "c2", "busybox", "top")

 		contID := strings.TrimSpace(out)
 		netFilePath := containerStorageFile(contID, fn)
 
 		f, err := os.OpenFile(netFilePath, os.O_WRONLY|os.O_SYNC|os.O_APPEND, 0644)

 		c.Assert(err, checker.IsNil)

 
 		if _, err := f.Seek(0, 0); err != nil {
 			f.Close()

 			c.Fatal(err)

 		}
 
 		if err := f.Truncate(0); err != nil {
 			f.Close()

 			c.Fatal(err)

 		}
 
 		if _, err := f.Write([]byte("success2\n")); err != nil {
 			f.Close()

 			c.Fatal(err)

 		}
 		f.Close()
 

 		res, _ := dockerCmd(c, "exec", contID, "cat", "/etc/"+fn)

 		c.Assert(res, checker.Equals, "success2\n")

 	}
 }

 func (s *DockerSuite) TestExecWithUser(c *check.C) {

 	// TODO Windows CI: This may be fixable in the future once Windows
 	// supports users

 	testRequires(c, DaemonIsLinux)

 	dockerCmd(c, "run", "-d", "--name", "parent", "busybox", "top")

 	out, _ := dockerCmd(c, "exec", "-u", "1", "parent", "id")

 	c.Assert(out, checker.Contains, "uid=1(daemon) gid=1(daemon)")

 	out, _ = dockerCmd(c, "exec", "-u", "root", "parent", "id")

 	c.Assert(out, checker.Contains, "uid=0(root) gid=0(root)", check.Commentf("exec with user by id expected daemon user got %s", out))

 }

 func (s *DockerSuite) TestExecWithPrivileged(c *check.C) {

 	// Not applicable on Windows

 	testRequires(c, DaemonIsLinux, NotUserNamespace)

 	// Start main loop which attempts mknod repeatedly
 	dockerCmd(c, "run", "-d", "--name", "parent", "--cap-drop=ALL", "busybox", "sh", "-c", `while (true); do if [ -e /exec_priv ]; then cat /exec_priv && mknod /tmp/sda b 8 0 && echo "Success"; else echo "Privileged exec has not run yet"; fi; usleep 10000; done`)

 	// Check exec mknod doesn't work
 	cmd := exec.Command(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdb b 8 16")

 	out, _, err := runCommandWithOutput(cmd)

 	c.Assert(err, checker.NotNil, check.Commentf("exec mknod in --cap-drop=ALL container without --privileged should fail"))
 	c.Assert(out, checker.Contains, "Operation not permitted", check.Commentf("exec mknod in --cap-drop=ALL container without --privileged should fail"))

 	// Check exec mknod does work with --privileged
 	cmd = exec.Command(dockerBinary, "exec", "--privileged", "parent", "sh", "-c", `echo "Running exec --privileged" > /exec_priv && mknod /tmp/sdb b 8 16 && usleep 50000 && echo "Finished exec --privileged" > /exec_priv && echo ok`)

 	out, _, err = runCommandWithOutput(cmd)

 	c.Assert(err, checker.IsNil)

 	actual := strings.TrimSpace(out)
 	c.Assert(actual, checker.Equals, "ok", check.Commentf("exec mknod in --cap-drop=ALL container with --privileged failed, output: %q", out))

 	// Check subsequent unprivileged exec cannot mknod
 	cmd = exec.Command(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdc b 8 32")
 	out, _, err = runCommandWithOutput(cmd)

 	c.Assert(err, checker.NotNil, check.Commentf("repeating exec mknod in --cap-drop=ALL container after --privileged without --privileged should fail"))
 	c.Assert(out, checker.Contains, "Operation not permitted", check.Commentf("repeating exec mknod in --cap-drop=ALL container after --privileged without --privileged should fail"))

 
 	// Confirm at no point was mknod allowed
 	logCmd := exec.Command(dockerBinary, "logs", "parent")

 	out, _, err = runCommandWithOutput(logCmd)
 	c.Assert(err, checker.IsNil)
 	c.Assert(out, checker.Not(checker.Contains), "Success")

 }
 

 func (s *DockerSuite) TestExecWithImageUser(c *check.C) {

 	// Not applicable on Windows

 	testRequires(c, DaemonIsLinux)

 	name := "testbuilduser"
 	_, err := buildImage(name,
 		`FROM busybox
 		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 		USER dockerio`,
 		true)

 	c.Assert(err, checker.IsNil)

 
 	dockerCmd(c, "run", "-d", "--name", "dockerioexec", name, "top")
 
 	out, _ := dockerCmd(c, "exec", "dockerioexec", "whoami")

 	c.Assert(out, checker.Contains, "dockerio", check.Commentf("exec with user by id expected dockerio user got %s", out))

 }

 
 func (s *DockerSuite) TestExecOnReadonlyContainer(c *check.C) {

 	// Windows does not support read-only

 	// --read-only + userns has remount issues
 	testRequires(c, DaemonIsLinux, NotUserNamespace)

 	dockerCmd(c, "run", "-d", "--read-only", "--name", "parent", "busybox", "top")

 	dockerCmd(c, "exec", "parent", "true")

 }

 func (s *DockerSuite) TestExecUlimits(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testexeculimits"
 	runSleepingContainer(c, "-d", "--ulimit", "nproc=21", "--name", name)
 	c.Assert(waitRun(name), checker.IsNil)
 
 	out, _, err := dockerCmdWithError("exec", name, "sh", "-c", "ulimit -p")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Equals, "21")
 }
 

 // #15750
 func (s *DockerSuite) TestExecStartFails(c *check.C) {

 	// TODO Windows CI. This test should be portable. Figure out why it fails
 	// currently.

 	testRequires(c, DaemonIsLinux)

 	name := "exec-15750"

 	runSleepingContainer(c, "-d", "--name", name)

 	c.Assert(waitRun(name), checker.IsNil)

 	out, _, err := dockerCmdWithError("exec", name, "no-such-cmd")

 	c.Assert(err, checker.NotNil, check.Commentf(out))

 	c.Assert(out, checker.Contains, "executable file not found")

 }