| 40be5dba |
// +build !windows
package main
import (
"fmt"
"os"
"path/filepath" |
| b2320d12 |
"strconv"
"strings" |
| e25352a4 |
"testing" |
| 40be5dba |
"github.com/docker/docker/pkg/system" |
| 6345208b |
"gotest.tools/assert" |
| 40be5dba |
)
|
| 64a928a3 |
func (s *DockerSuite) TestCpToContainerWithPermissions(c *testing.T) { |
| 43b15e92 |
testRequires(c, testEnv.IsLocalDaemon, DaemonIsLinux) |
| 8a7ff5ff |
tmpDir := getTestDir(c, "test-cp-to-host-with-permissions")
defer os.RemoveAll(tmpDir)
makeTestContentInDir(c, tmpDir)
containerName := "permtest"
_, exc := dockerCmd(c, "create", "--name", containerName, "debian:jessie", "/bin/bash", "-c", "stat -c '%u %g %a' /permdirtest /permdirtest/permtest") |
| 6345208b |
assert.Equal(c, exc, 0) |
| 8a7ff5ff |
defer dockerCmd(c, "rm", "-f", containerName)
srcPath := cpPath(tmpDir, "permdirtest")
dstPath := containerCpPath(containerName, "/") |
| 6345208b |
assert.NilError(c, runDockerCp(c, srcPath, dstPath, []string{"-a"})) |
| 8a7ff5ff |
out, err := startContainerGetOutput(c, containerName) |
| 6345208b |
assert.NilError(c, err, "output: %v", out)
assert.Equal(c, strings.TrimSpace(out), "2 2 700\n65534 65534 400", "output: %v", out) |
| 8a7ff5ff |
}
|
| 40be5dba |
// Check ownership is root, both in non-userns and userns enabled modes |
| 64a928a3 |
func (s *DockerSuite) TestCpCheckDestOwnership(c *testing.T) { |
| 43b15e92 |
testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon) |
| 40be5dba |
tmpVolDir := getTestDir(c, "test-cp-tmpvol")
containerID := makeTestContainer(c,
testContainerOptions{volumes: []string{fmt.Sprintf("%s:/tmpvol", tmpVolDir)}})
tmpDir := getTestDir(c, "test-cp-to-check-ownership")
defer os.RemoveAll(tmpDir)
makeTestContentInDir(c, tmpDir)
srcPath := cpPath(tmpDir, "file1")
dstPath := containerCpPath(containerID, "/tmpvol", "file1")
|
| 8a7ff5ff |
err := runDockerCp(c, srcPath, dstPath, nil) |
| 6345208b |
assert.NilError(c, err) |
| 40be5dba |
stat, err := system.Stat(filepath.Join(tmpVolDir, "file1")) |
| 6345208b |
assert.NilError(c, err) |
| 40be5dba |
uid, gid, err := getRootUIDGID() |
| 6345208b |
assert.NilError(c, err)
assert.Equal(c, stat.UID(), uint32(uid), "Copied file not owned by container root UID")
assert.Equal(c, stat.GID(), uint32(gid), "Copied file not owned by container root GID") |
| 40be5dba |
} |
| b2320d12 |
func getRootUIDGID() (int, int, error) { |
| 142b1f8b |
uidgid := strings.Split(filepath.Base(testEnv.DaemonInfo.DockerRootDir), ".") |
| b2320d12 |
if len(uidgid) == 1 {
//user namespace remapping is not turned on; return 0
return 0, 0, nil
}
uid, err := strconv.Atoi(uidgid[0])
if err != nil {
return 0, 0, err
}
gid, err := strconv.Atoi(uidgid[1])
if err != nil {
return 0, 0, err
}
return uid, gid, nil
} |