Browse code
add unprivilegeduser via the Dockerfile
This changes the test TestBuildWithInaccessibleFilesInContext to not
add the user 'unprivilegeduser' and add it via the Dockerfile instead.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
unclejack authored on 2014/05/20 05:55:28Showing 2 changed files
| ... | ... |
@@ -92,6 +92,9 @@ RUN /bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_ |
| 92 | 92 |
# Set user.email so crosbymichael's in-container merge commits go smoothly |
| 93 | 93 |
RUN git config --global user.email 'docker-dummy@example.com' |
| 94 | 94 |
|
| 95 |
+# Add an unprivileged user to be used for tests which need it |
|
| 96 |
+RUN adduser unprivilegeduser |
|
| 97 |
+ |
|
| 95 | 98 |
VOLUME /var/lib/docker |
| 96 | 99 |
WORKDIR /go/src/github.com/dotcloud/docker |
| 97 | 100 |
ENV DOCKER_BUILDTAGS apparmor selinux |
| ... | ... |
@@ -125,16 +125,13 @@ func TestAddWholeDirToRoot(t *testing.T) {
|
| 125 | 125 |
// when we can't access files in the context. |
| 126 | 126 |
func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
|
| 127 | 127 |
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildWithInaccessibleFilesInContext") |
| 128 |
- addUserCmd := exec.Command("adduser", "unprivilegeduser")
|
|
| 129 |
- out, _, err := runCommandWithOutput(addUserCmd) |
|
| 130 |
- errorOut(err, t, fmt.Sprintf("failed to add user: %v %v", out, err))
|
|
| 131 | 128 |
|
| 132 | 129 |
{
|
| 133 | 130 |
// This is used to ensure we detect inaccessible files early during build in the cli client |
| 134 | 131 |
pathToInaccessibleFileBuildDirectory := filepath.Join(buildDirectory, "inaccessiblefile") |
| 135 | 132 |
pathToFileWithoutReadAccess := filepath.Join(pathToInaccessibleFileBuildDirectory, "fileWithoutReadAccess") |
| 136 | 133 |
|
| 137 |
- err = os.Chown(pathToFileWithoutReadAccess, 0, 0) |
|
| 134 |
+ err := os.Chown(pathToFileWithoutReadAccess, 0, 0) |
|
| 138 | 135 |
errorOut(err, t, fmt.Sprintf("failed to chown file to root: %s", err))
|
| 139 | 136 |
err = os.Chmod(pathToFileWithoutReadAccess, 0700) |
| 140 | 137 |
errorOut(err, t, fmt.Sprintf("failed to chmod file to 700: %s", err))
|
| ... | ... |
@@ -162,7 +159,7 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
|
| 162 | 162 |
pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat") |
| 163 | 163 |
pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar") |
| 164 | 164 |
|
| 165 |
- err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0) |
|
| 165 |
+ err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0) |
|
| 166 | 166 |
errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err))
|
| 167 | 167 |
err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444) |
| 168 | 168 |
errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err))
|