Browse code
Default process user to container config user.
Signed-off-by: David Calavera <david.calavera@gmail.com>
David Calavera authored on 2015/06/27 07:06:37Showing 2 changed files
| ... | ... |
@@ -109,7 +109,6 @@ func (d *Daemon) getActiveContainer(name string) (*Container, error) {
|
| 109 | 109 |
} |
| 110 | 110 |
|
| 111 | 111 |
func (d *Daemon) ContainerExecCreate(config *runconfig.ExecConfig) (string, error) {
|
| 112 |
- |
|
| 113 | 112 |
// Not all drivers support Exec (LXC for example) |
| 114 | 113 |
if err := checkExecSupport(d.execDriver.Name()); err != nil {
|
| 115 | 114 |
return "", err |
| ... | ... |
@@ -123,11 +122,16 @@ func (d *Daemon) ContainerExecCreate(config *runconfig.ExecConfig) (string, erro |
| 123 | 123 |
cmd := runconfig.NewCommand(config.Cmd...) |
| 124 | 124 |
entrypoint, args := d.getEntrypointAndArgs(runconfig.NewEntrypoint(), cmd) |
| 125 | 125 |
|
| 126 |
+ user := config.User |
|
| 127 |
+ if len(user) == 0 {
|
|
| 128 |
+ user = container.Config.User |
|
| 129 |
+ } |
|
| 130 |
+ |
|
| 126 | 131 |
processConfig := execdriver.ProcessConfig{
|
| 127 | 132 |
Tty: config.Tty, |
| 128 | 133 |
Entrypoint: entrypoint, |
| 129 | 134 |
Arguments: args, |
| 130 |
- User: config.User, |
|
| 135 |
+ User: user, |
|
| 131 | 136 |
} |
| 132 | 137 |
|
| 133 | 138 |
execConfig := &execConfig{
|
| ... | ... |
@@ -445,7 +445,6 @@ func (s *DockerSuite) TestInspectExecID(c *check.C) {
|
| 445 | 445 |
} |
| 446 | 446 |
|
| 447 | 447 |
func (s *DockerSuite) TestLinksPingLinkedContainersOnRename(c *check.C) {
|
| 448 |
- |
|
| 449 | 448 |
var out string |
| 450 | 449 |
out, _ = dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top") |
| 451 | 450 |
idA := strings.TrimSpace(out) |
| ... | ... |
@@ -610,7 +609,6 @@ func (s *DockerSuite) TestRunMutableNetworkFiles(c *check.C) {
|
| 610 | 610 |
} |
| 611 | 611 |
|
| 612 | 612 |
func (s *DockerSuite) TestExecWithUser(c *check.C) {
|
| 613 |
- |
|
| 614 | 613 |
runCmd := exec.Command(dockerBinary, "run", "-d", "--name", "parent", "busybox", "top") |
| 615 | 614 |
if out, _, err := runCommandWithOutput(runCmd); err != nil {
|
| 616 | 615 |
c.Fatal(out, err) |
| ... | ... |
@@ -635,3 +633,22 @@ func (s *DockerSuite) TestExecWithUser(c *check.C) {
|
| 635 | 635 |
} |
| 636 | 636 |
|
| 637 | 637 |
} |
| 638 |
+ |
|
| 639 |
+func (s *DockerSuite) TestExecWithImageUser(c *check.C) {
|
|
| 640 |
+ name := "testbuilduser" |
|
| 641 |
+ _, err := buildImage(name, |
|
| 642 |
+ `FROM busybox |
|
| 643 |
+ RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd |
|
| 644 |
+ USER dockerio`, |
|
| 645 |
+ true) |
|
| 646 |
+ if err != nil {
|
|
| 647 |
+ c.Fatalf("Could not build image %s: %v", name, err)
|
|
| 648 |
+ } |
|
| 649 |
+ |
|
| 650 |
+ dockerCmd(c, "run", "-d", "--name", "dockerioexec", name, "top") |
|
| 651 |
+ |
|
| 652 |
+ out, _ := dockerCmd(c, "exec", "dockerioexec", "whoami") |
|
| 653 |
+ if !strings.Contains(out, "dockerio") {
|
|
| 654 |
+ c.Fatalf("exec with user by id expected dockerio user got %s", out)
|
|
| 655 |
+ } |
|
| 656 |
+} |