1. docker
  2. Commit 296fcf331f2886d2aba3cfb929887dfbb603643d
Browse code

Port privileged tests Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

Michael Crosby authored on 2014/04/18 12:20:17
Showing 2 changed files
integration-cli/docker_cli_run_test.go
History View file @ 296fcf3
... ... 
@@ -603,3 +603,65 @@ func TestLoopbackOnlyExistsWhenNetworkingDisabled(t *testing.T) {
603 603
604 604 
 	logDone("run - test loopback only exists when networking disabled")
605 605 
 }
606 
+
607 
+func TestPrivilegedCanMknod(t *testing.T) {
608 
+	cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
609 
+	out, _, err := runCommandWithOutput(cmd)
610 
+	if err != nil {
611 
+		t.Fatal(err)
612 
+	}
613 
+
614 
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
615 
+		t.Fatalf("expected output ok received %s", actual)
616 
+	}
617 
+	deleteAllContainers()
618 
+
619 
+	logDone("run - test privileged can mknod")
620 
+}
621 
+
622 
+func TestUnPrivilegedCanMknod(t *testing.T) {
623 
+	cmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
624 
+	out, _, err := runCommandWithOutput(cmd)
625 
+	if err != nil {
626 
+		t.Fatal(err)
627 
+	}
628 
+
629 
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
630 
+		t.Fatalf("expected output ok received %s", actual)
631 
+	}
632 
+	deleteAllContainers()
633 
+
634 
+	logDone("run - test un-privileged can mknod")
635 
+}
636 
+
637 
+func TestPrivilegedCanMount(t *testing.T) {
638 
+	cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
639 
+
640 
+	out, _, err := runCommandWithOutput(cmd)
641 
+	if err != nil {
642 
+		t.Fatal(err)
643 
+	}
644 
+
645 
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
646 
+		t.Fatalf("expected output ok received %s", actual)
647 
+	}
648 
+	deleteAllContainers()
649 
+
650 
+	logDone("run - test privileged can mount")
651 
+}
652 
+
653 
+func TestUnPrivilegedCannotMount(t *testing.T) {
654 
+	cmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
655 
+
656 
+	out, _, err := runCommandWithOutput(cmd)
657 
+	if err == nil {
658 
+		t.Fatal(err, out)
659 
+	}
660 
+
661 
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
662 
+		t.Fatalf("expected output not ok received %s", actual)
663 
+	}
664 
+	deleteAllContainers()
665 
+
666 
+	logDone("run - test un-privileged cannot mount")
667 
+}
integration/container_test.go
History View file @ 296fcf3
... ... 
@@ -1,56 +1,17 @@
1 1 
 package docker
2 2
3 3 
 import (
4 
-	"bufio"
5 4 
 	"fmt"
6 5 
 	"github.com/dotcloud/docker/runconfig"
7 
-	"github.com/dotcloud/docker/utils"
8 6 
 	"io"
9 7 
 	"io/ioutil"
10 8 
 	"os"
11 9 
 	"path"
12 
-	"regexp"
13 
-	"sort"
14 10 
 	"strings"
15 11 
 	"testing"
16 12 
 	"time"
17 13 
 )
18 14
19 
-func TestCpuShares(t *testing.T) {
20 
-	_, err1 := os.Stat("/sys/fs/cgroup/cpuacct,cpu")
21 
-	_, err2 := os.Stat("/sys/fs/cgroup/cpu,cpuacct")
22 
-	if err1 == nil || err2 == nil {
23 
-		t.Skip("Fixme. Setting cpu cgroup shares doesn't work in dind on a Fedora host.  The lxc utils are confused by the cpu,cpuacct mount.")
24 
-	}
25 
-	daemon := mkDaemon(t)
26 
-	defer nuke(daemon)
27 
-	container, _, _ := mkContainer(daemon, []string{"-m", "33554432", "-c", "1000", "-i", "_", "/bin/cat"}, t)
28 
-	defer daemon.Destroy(container)
29 
-
30 
-	cStdin, err := container.StdinPipe()
31 
-	if err != nil {
32 
-		t.Fatal(err)
33 
-	}
34 
-
35 
-	if err := container.Start(); err != nil {
36 
-		t.Fatal(err)
37 
-	}
38 
-
39 
-	// Give some time to the process to start
40 
-	container.WaitTimeout(500 * time.Millisecond)
41 
-
42 
-	if !container.State.IsRunning() {
43 
-		t.Errorf("Container should be running")
44 
-	}
45 
-	if err := container.Start(); err != nil {
46 
-		t.Fatalf("A running container should be able to be started")
47 
-	}
48 
-
49 
-	// Try to avoid the timeout in destroy. Best effort, don't check error
50 
-	cStdin.Close()
51 
-	container.WaitTimeout(2 * time.Second)
52 
-}
53 
-
54 15 
 func TestKillDifferentUser(t *testing.T) {
55 16 
 	daemon := mkDaemon(t)
56 17 
 	defer nuke(daemon)
... ... 
@@ -582,39 +543,3 @@ func TestRestartWithVolumes(t *testing.T) {
582 582 
 		t.Fatalf("Expected volume path: %s Actual path: %s", expected, actual)
583 583 
 	}
584 584 
 }
585 
-
586 
-func TestPrivilegedCanMknod(t *testing.T) {
587 
-	eng := NewTestEngine(t)
588 
-	daemon := mkDaemonFromEngine(eng, t)
589 
-	defer daemon.Nuke()
590 
-	if output, err := runContainer(eng, daemon, []string{"--privileged", "_", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok"}, t); output != "ok\n" {
591 
-		t.Fatalf("Could not mknod into privileged container %s %v", output, err)
592 
-	}
593 
-}
594 
-
595 
-func TestPrivilegedCanMount(t *testing.T) {
596 
-	eng := NewTestEngine(t)
597 
-	daemon := mkDaemonFromEngine(eng, t)
598 
-	defer daemon.Nuke()
599 
-	if output, _ := runContainer(eng, daemon, []string{"--privileged", "_", "sh", "-c", "mount -t tmpfs none /tmp && echo ok"}, t); output != "ok\n" {
600 
-		t.Fatal("Could not mount into privileged container")
601 
-	}
602 
-}
603 
-
604 
-func TestUnprivilegedCanMknod(t *testing.T) {
605 
-	eng := NewTestEngine(t)
606 
-	daemon := mkDaemonFromEngine(eng, t)
607 
-	defer daemon.Nuke()
608 
-	if output, _ := runContainer(eng, daemon, []string{"_", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok"}, t); output != "ok\n" {
609 
-		t.Fatal("Couldn't mknod into secure container")
610 
-	}
611 
-}
612 
-
613 
-func TestUnprivilegedCannotMount(t *testing.T) {
614 
-	eng := NewTestEngine(t)
615 
-	daemon := mkDaemonFromEngine(eng, t)
616 
-	defer daemon.Nuke()
617 
-	if output, _ := runContainer(eng, daemon, []string{"_", "sh", "-c", "mount -t tmpfs none /tmp || echo ok"}, t); output != "ok\n" {
618 
-		t.Fatal("Could mount into secure container")
619 
-	}
620 
-}