
daemon/oci_linux_test: add TestIpcPrivateVsReadonly

The test case checks that in case of IpcMode: private and
ReadonlyRootfs: true (as in "docker run --ipc private --read-only")
the resulting /dev/shm mount is NOT made read-only.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

Kir Kolyshkin authored on 2018/03/09 05:24:39
Showing 1 changed files
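--- a/daemon/oci_linux_test.go
+++ b/daemon/oci_linux_test.go
@@ -48,3 +48,41 @@ func TestTmpfsDevShmNoDupMount(t *testing.T) {
 	err = setMounts(&d, &s, c, ms)
 	assert.NoError(t, err)
 }
+
+// TestIpcPrivateVsReadonly checks that in case of IpcMode: private
+// and ReadonlyRootfs: true (as in "docker run --ipc private --read-only")
+// the resulting /dev/shm mount is NOT made read-only.
+// https://github.com/moby/moby/issues/36503
+func TestIpcPrivateVsReadonly(t *testing.T) {
+	d := Daemon{
+		// some empty structs to avoid getting a panic
+		// caused by a null pointer dereference
+		idMappings:  &idtools.IDMappings{},
+		configStore: &config.Config{},
+	}
+	c := &container.Container{
+		HostConfig: &containertypes.HostConfig{
+			IpcMode:        containertypes.IpcMode("private"),
+			ReadonlyRootfs: true,
+		},
+	}
+
+	// We can't call createSpec() so mimick the minimal part
+	// of its code flow, just enough to reproduce the issue.
+	ms, err := d.setupMounts(c)
+	assert.NoError(t, err)
+
+	s := oci.DefaultSpec()
+	s.Root.Readonly = c.HostConfig.ReadonlyRootfs
+
+	err = setMounts(&d, &s, c, ms)
+	assert.NoError(t, err)
+
+	// Find the /dev/shm mount in ms, check it does not have ro
+	for _, m := range s.Mounts {
+		if m.Destination != "/dev/shm" {
+			continue
+		}
+		assert.Equal(t, false, inSlice(m.Options, "ro"))
+	}
+}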