Add description to TestContainerNetworkMountsNoChown
| ... | ... |
@@ -136,7 +136,16 @@ func TestContainerNetworkMountsNoChown(t *testing.T) {
|
| 136 | 136 |
err = cli.ContainerStart(ctx, ctrCreate.ID, types.ContainerStartOptions{})
|
| 137 | 137 |
require.NoError(t, err) |
| 138 | 138 |
|
| 139 |
- // check that host-located bind mount network file did not change ownership when the container was started |
|
| 139 |
+ // Check that host-located bind mount network file did not change ownership when the container was started |
|
| 140 |
+ // Note: If the user specifies a mountpath from the host, we should not be |
|
| 141 |
+ // attempting to chown files outside the daemon's metadata directory |
|
| 142 |
+ // (represented by `daemon.repository` at init time). |
|
| 143 |
+ // This forces users who want to use user namespaces to handle the |
|
| 144 |
+ // ownership needs of any external files mounted as network files |
|
| 145 |
+ // (/etc/resolv.conf, /etc/hosts, /etc/hostname) separately from the |
|
| 146 |
+ // daemon. In all other volume/bind mount situations we have taken this |
|
| 147 |
+ // same line--we don't chown host file content. |
|
| 148 |
+ // See GitHub PR 34224 for details. |
|
| 140 | 149 |
statT, err := system.Stat(tmpNWFileMount) |
| 141 | 150 |
require.NoError(t, err) |
| 142 | 151 |
assert.Equal(t, uint32(0), statT.UID(), "bind mounted network file should not change ownership from root") |
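Review bot: The assertion on the last line of the hunk checks only `statT.UID()`, while the new comment states the guarantee as the host file's ownership not changing, which also covers the group. A chown to a remapped user-namespace root would normally move both IDs, so a regression that touched only the group would pass unnoticed. Assuming the temp file is created with group 0 as well, consider adding `assert.Equal(t, uint32(0), statT.GID(), "bind mounted network file should not change group ownership from root")`. The reference `See GitHub PR 34224` would be easier to follow from a fork or vendored copy if it named the repository or gave the full URL. The body of TestContainerNetworkMountsNoChown starts outside this hunk, so how the file is created and whether the daemon runs with remapping enabled cannot be confirmed from here.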