Recent kernels perform a strict check on the security.capability value.
Fix #38289
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
| ... | ... |
@@ -7,6 +7,7 @@ import ( |
| 7 | 7 |
"fmt" |
| 8 | 8 |
"io/ioutil" |
| 9 | 9 |
"os" |
| 10 |
+ "os/exec" |
|
| 10 | 11 |
"path/filepath" |
| 11 | 12 |
"strings" |
| 12 | 13 |
"syscall" |
| ... | ... |
@@ -222,6 +223,13 @@ func TestTarWithBlockCharFifo(t *testing.T) {
|
| 222 | 222 |
// TestTarUntarWithXattr is Unix as Lsetxattr is not supported on Windows |
| 223 | 223 |
func TestTarUntarWithXattr(t *testing.T) {
|
| 224 | 224 |
skip.If(t, os.Getuid() != 0, "skipping test that requires root") |
| 225 |
+ if _, err := exec.LookPath("setcap"); err != nil {
|
|
| 226 |
+ t.Skip("setcap not installed")
|
|
| 227 |
+ } |
|
| 228 |
+ if _, err := exec.LookPath("getcap"); err != nil {
|
|
| 229 |
+ t.Skip("getcap not installed")
|
|
| 230 |
+ } |
|
| 231 |
+ |
|
| 225 | 232 |
origin, err := ioutil.TempDir("", "docker-test-untar-origin")
|
| 226 | 233 |
assert.NilError(t, err) |
| 227 | 234 |
defer os.RemoveAll(origin) |
| ... | ... |
@@ -232,8 +240,9 @@ func TestTarUntarWithXattr(t *testing.T) {
|
| 232 | 232 |
assert.NilError(t, err) |
| 233 | 233 |
err = ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
|
| 234 | 234 |
assert.NilError(t, err) |
| 235 |
- err = system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", []byte{0x00}, 0)
|
|
| 236 |
- assert.NilError(t, err) |
|
| 235 |
+ // there is no known Go implementation of setcap/getcap with support for v3 file capability |
|
| 236 |
+ out, err := exec.Command("setcap", "cap_block_suspend+ep", filepath.Join(origin, "2")).CombinedOutput()
|
|
| 237 |
+ assert.NilError(t, err, string(out)) |
|
| 237 | 238 |
|
| 238 | 239 |
for _, c := range []Compression{
|
| 239 | 240 |
Uncompressed, |
| ... | ... |
@@ -251,10 +260,9 @@ func TestTarUntarWithXattr(t *testing.T) {
|
| 251 | 251 |
if len(changes) != 1 || changes[0].Path != "/3" {
|
| 252 | 252 |
t.Fatalf("Unexpected differences after tarUntar: %v", changes)
|
| 253 | 253 |
} |
| 254 |
- capability, _ := system.Lgetxattr(filepath.Join(origin, "2"), "security.capability") |
|
| 255 |
- if capability == nil && capability[0] != 0x00 {
|
|
| 256 |
- t.Fatalf("Untar should have kept the 'security.capability' xattr.")
|
|
| 257 |
- } |
|
| 254 |
+ out, err := exec.Command("getcap", filepath.Join(origin, "2")).CombinedOutput()
|
|
| 255 |
+ assert.NilError(t, err, string(out)) |
|
| 256 |
+ assert.Check(t, is.Contains(string(out), "= cap_block_suspend+ep"), "untar should have kept the 'security.capability' xattr") |
|
| 258 | 257 |
} |
| 259 | 258 |
} |
| 260 | 259 |
|
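Review bot: The closing `getcap` assertion in the last hunk inspects `filepath.Join(origin, "2")`, the same file the test ran `setcap` on earlier, so it would pass even if untar dropped `security.capability`. The extraction target of `tarUntar` is not visible in these hunks, so this is inferred from the paths shown; if the unpacked tree lives elsewhere, `getcap` should be pointed at the extracted copy of `2` there. Until that is possible, a comment such as `// NOTE: reads the capability from origin, not from the untarred tree` would keep the assertion message from overstating what is verified. Matching the literal `"= cap_block_suspend+ep"` also ties the test to one textual output format of `getcap`; comparing the raw xattr bytes read with `system.Lgetxattr` before and after the round trip would be sturdier. TestTarUntarWithXattr starts in an earlier hunk and its loop body is only partly shown here.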