This patch adds CLI integration tests for #5619. The tests
ensure that symlinks are kept relative to the container rootfs
(even when the symlink is a path component).
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
| ... | ... |
@@ -208,6 +208,134 @@ func TestCpAbsolutePath(t *testing.T) {
|
| 208 | 208 |
logDone("cp - absolute paths relative to container's rootfs")
|
| 209 | 209 |
} |
| 210 | 210 |
|
| 211 |
+// Test for #5619 |
|
| 212 |
+// Check that absolute symlinks are still relative to the container's rootfs |
|
| 213 |
+func TestCpAbsoluteSymlink(t *testing.T) {
|
|
| 214 |
+ out, exitCode, err := cmd(t, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpFullPath+" container_path") |
|
| 215 |
+ if err != nil || exitCode != 0 {
|
|
| 216 |
+ t.Fatal("failed to create a container", out, err)
|
|
| 217 |
+ } |
|
| 218 |
+ |
|
| 219 |
+ cleanedContainerID := stripTrailingCharacters(out) |
|
| 220 |
+ defer deleteContainer(cleanedContainerID) |
|
| 221 |
+ |
|
| 222 |
+ out, _, err = cmd(t, "wait", cleanedContainerID) |
|
| 223 |
+ if err != nil || stripTrailingCharacters(out) != "0" {
|
|
| 224 |
+ t.Fatal("failed to set up container", out, err)
|
|
| 225 |
+ } |
|
| 226 |
+ |
|
| 227 |
+ if err := os.MkdirAll(cpTestPath, os.ModeDir); err != nil {
|
|
| 228 |
+ t.Fatal(err) |
|
| 229 |
+ } |
|
| 230 |
+ |
|
| 231 |
+ hostFile, err := os.Create(cpFullPath) |
|
| 232 |
+ if err != nil {
|
|
| 233 |
+ t.Fatal(err) |
|
| 234 |
+ } |
|
| 235 |
+ defer hostFile.Close() |
|
| 236 |
+ defer os.RemoveAll(cpTestPathParent) |
|
| 237 |
+ |
|
| 238 |
+ fmt.Fprintf(hostFile, "%s", cpHostContents) |
|
| 239 |
+ |
|
| 240 |
+ tmpdir, err := ioutil.TempDir("", "docker-integration")
|
|
| 241 |
+ |
|
| 242 |
+ if err != nil {
|
|
| 243 |
+ t.Fatal(err) |
|
| 244 |
+ } |
|
| 245 |
+ |
|
| 246 |
+ tmpname := filepath.Join(tmpdir, cpTestName) |
|
| 247 |
+ defer os.RemoveAll(tmpdir) |
|
| 248 |
+ |
|
| 249 |
+ path := filepath.Join("/", "container_path")
|
|
| 250 |
+ |
|
| 251 |
+ _, _, err = cmd(t, "cp", cleanedContainerID+":"+path, tmpdir) |
|
| 252 |
+ if err != nil {
|
|
| 253 |
+ t.Fatalf("couldn't copy from absolute path: %s:%s %s", cleanedContainerID, path, err)
|
|
| 254 |
+ } |
|
| 255 |
+ |
|
| 256 |
+ file, _ := os.Open(tmpname) |
|
| 257 |
+ defer file.Close() |
|
| 258 |
+ |
|
| 259 |
+ test, err := ioutil.ReadAll(file) |
|
| 260 |
+ if err != nil {
|
|
| 261 |
+ t.Fatal(err) |
|
| 262 |
+ } |
|
| 263 |
+ |
|
| 264 |
+ if string(test) == cpHostContents {
|
|
| 265 |
+ t.Errorf("output matched host file -- absolute symlink can escape container rootfs")
|
|
| 266 |
+ } |
|
| 267 |
+ |
|
| 268 |
+ if string(test) != cpContainerContents {
|
|
| 269 |
+ t.Errorf("output doesn't match the input for absolute symlink")
|
|
| 270 |
+ } |
|
| 271 |
+ |
|
| 272 |
+ logDone("cp - absolute symlink relative to container's rootfs")
|
|
| 273 |
+} |
|
| 274 |
+ |
|
| 275 |
+// Test for #5619 |
|
| 276 |
+// Check that symlinks which are part of the resource path are still relative to the container's rootfs |
|
| 277 |
+func TestCpSymlinkComponent(t *testing.T) {
|
|
| 278 |
+ out, exitCode, err := cmd(t, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpTestPath+" container_path") |
|
| 279 |
+ if err != nil || exitCode != 0 {
|
|
| 280 |
+ t.Fatal("failed to create a container", out, err)
|
|
| 281 |
+ } |
|
| 282 |
+ |
|
| 283 |
+ cleanedContainerID := stripTrailingCharacters(out) |
|
| 284 |
+ defer deleteContainer(cleanedContainerID) |
|
| 285 |
+ |
|
| 286 |
+ out, _, err = cmd(t, "wait", cleanedContainerID) |
|
| 287 |
+ if err != nil || stripTrailingCharacters(out) != "0" {
|
|
| 288 |
+ t.Fatal("failed to set up container", out, err)
|
|
| 289 |
+ } |
|
| 290 |
+ |
|
| 291 |
+ if err := os.MkdirAll(cpTestPath, os.ModeDir); err != nil {
|
|
| 292 |
+ t.Fatal(err) |
|
| 293 |
+ } |
|
| 294 |
+ |
|
| 295 |
+ hostFile, err := os.Create(cpFullPath) |
|
| 296 |
+ if err != nil {
|
|
| 297 |
+ t.Fatal(err) |
|
| 298 |
+ } |
|
| 299 |
+ defer hostFile.Close() |
|
| 300 |
+ defer os.RemoveAll(cpTestPathParent) |
|
| 301 |
+ |
|
| 302 |
+ fmt.Fprintf(hostFile, "%s", cpHostContents) |
|
| 303 |
+ |
|
| 304 |
+ tmpdir, err := ioutil.TempDir("", "docker-integration")
|
|
| 305 |
+ |
|
| 306 |
+ if err != nil {
|
|
| 307 |
+ t.Fatal(err) |
|
| 308 |
+ } |
|
| 309 |
+ |
|
| 310 |
+ tmpname := filepath.Join(tmpdir, cpTestName) |
|
| 311 |
+ defer os.RemoveAll(tmpdir) |
|
| 312 |
+ |
|
| 313 |
+ path := filepath.Join("/", "container_path", cpTestName)
|
|
| 314 |
+ |
|
| 315 |
+ _, _, err = cmd(t, "cp", cleanedContainerID+":"+path, tmpdir) |
|
| 316 |
+ if err != nil {
|
|
| 317 |
+ t.Fatalf("couldn't copy from symlink path component: %s:%s %s", cleanedContainerID, path, err)
|
|
| 318 |
+ } |
|
| 319 |
+ |
|
| 320 |
+ file, _ := os.Open(tmpname) |
|
| 321 |
+ defer file.Close() |
|
| 322 |
+ |
|
| 323 |
+ test, err := ioutil.ReadAll(file) |
|
| 324 |
+ if err != nil {
|
|
| 325 |
+ t.Fatal(err) |
|
| 326 |
+ } |
|
| 327 |
+ |
|
| 328 |
+ if string(test) == cpHostContents {
|
|
| 329 |
+ t.Errorf("output matched host file -- symlink path component can escape container rootfs")
|
|
| 330 |
+ } |
|
| 331 |
+ |
|
| 332 |
+ if string(test) != cpContainerContents {
|
|
| 333 |
+ t.Errorf("output doesn't match the input for symlink path component")
|
|
| 334 |
+ } |
|
| 335 |
+ |
|
| 336 |
+ logDone("cp - symlink path components relative to container's rootfs")
|
|
| 337 |
+} |
|
| 338 |
+ |
|
| 211 | 339 |
// Check that cp with unprivileged user doesn't return any error |
| 212 | 340 |
func TestCpUnprivilegedUser(t *testing.T) {
|
| 213 | 341 |
out, exitCode, err := cmd(t, "run", "-d", "busybox", "/bin/sh", "-c", "touch "+cpTestName) |
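Review bot: The error from `os.Open(tmpname)` is discarded in both new tests (new lines 256 and 320), so when `docker cp` does not produce the expected file the test only fails later, inside `ioutil.ReadAll` on a nil file, with a message that never names the missing path. Check it at the call site: `file, err := os.Open(tmpname)` followed by `if err != nil { t.Fatal(err) }`, placed before `defer file.Close()`. The result of `fmt.Fprintf(hostFile, "%s", cpHostContents)` is also unchecked in both tests (new lines 238 and 302). If that write fails, an escape from the rootfs would be reported only as "output doesn't match the input" rather than by the dedicated escape assertion, so it is worth a `t.Fatal` on a write error as well. Both new test functions are complete within this hunk.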