From 427b77a9a426382a1789898313a9dd8ec963941c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 11 Mar 2016 09:34:11 +1100 Subject: [PATCH] integration-cli: add tests for ADD and COPY obeying USER Make sure that there aren't regressions when COPYing or ADDing a file with a non-root USER directive has been set. Signed-off-by: Aleksa Sarai --- integration-cli/docker_cli_build_unix_test.go | 86 ++++++++++++++++++- 1 file changed, 84 insertions(+), 2 deletions(-) diff --git a/integration-cli/docker_cli_build_unix_test.go b/integration-cli/docker_cli_build_unix_test.go index 56ab66efae9f3..902eac8ce0b7f 100644 --- a/integration-cli/docker_cli_build_unix_test.go +++ b/integration-cli/docker_cli_build_unix_test.go @@ -80,7 +80,7 @@ func (s *DockerSuite) TestBuildResourceConstraintsAreUsed(c *check.C) { c.Assert(c2.Ulimits, checker.IsNil, check.Commentf("resource leaked from build for Ulimits")) } -func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) { +func (s *DockerSuite) TestBuildAddThenChmod(c *check.C) { testRequires(c, DaemonIsLinux) name := "testbuildaddown" @@ -115,7 +115,89 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) { defer ctx.Close() if _, err := buildImageFromContext(name, ctx, true); err != nil { - c.Fatalf("build failed to complete for TestBuildAddChangeOwnership: %v", err) + c.Fatalf("build failed to complete for TestBuildAddThenChmod: %v", err) + } +} + +// Test for #6119. +func (s *DockerSuite) TestBuildAddObeysUserConfig(c *check.C) { + testRequires(c, DaemonIsLinux) + name := "testbuildaddobeyuser" + + ctx := func() *FakeContext { + dockerfile := ` + FROM busybox + USER 1337:1337 + ADD foo /bar/ + RUN [ $(stat -c %u:%g "/bar") = '1337:1337' ] + RUN [ $(stat -c %u:%g "/bar/foo") = '1337:1337' ] + ` + tmpDir, err := ioutil.TempDir("", "fake-context") + c.Assert(err, check.IsNil) + testFile, err := os.Create(filepath.Join(tmpDir, "foo")) + if err != nil { + c.Fatalf("failed to create foo file: %v", err) + } + defer testFile.Close() + + chownCmd := exec.Command("chown", "daemon:daemon", "foo") + chownCmd.Dir = tmpDir + out, _, err := runCommandWithOutput(chownCmd) + if err != nil { + c.Fatal(err, out) + } + + if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil { + c.Fatalf("failed to open destination dockerfile: %v", err) + } + return fakeContextFromDir(tmpDir) + }() + + defer ctx.Close() + + if _, err := buildImageFromContext(name, ctx, true); err != nil { + c.Fatalf("build failed to complete for TestBuildAddObeysUserConfig: %v", err) + } +} + +// Test for #6119. +func (s *DockerSuite) TestBuildCopyObeysUserConfig(c *check.C) { + testRequires(c, DaemonIsLinux) + name := "testbuildcopyobeyuser" + + ctx := func() *FakeContext { + dockerfile := ` + FROM busybox + USER 1337:1337 + COPY foo /bar/ + RUN [ $(stat -c %u:%g "/bar") = '1337:1337' ] + RUN [ $(stat -c %u:%g "/bar/foo") = '1337:1337' ] + ` + tmpDir, err := ioutil.TempDir("", "fake-context") + c.Assert(err, check.IsNil) + testFile, err := os.Create(filepath.Join(tmpDir, "foo")) + if err != nil { + c.Fatalf("failed to create foo file: %v", err) + } + defer testFile.Close() + + chownCmd := exec.Command("chown", "daemon:daemon", "foo") + chownCmd.Dir = tmpDir + out, _, err := runCommandWithOutput(chownCmd) + if err != nil { + c.Fatal(err, out) + } + + if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil { + c.Fatalf("failed to open destination dockerfile: %v", err) + } + return fakeContextFromDir(tmpDir) + }() + + defer ctx.Close() + + if _, err := buildImageFromContext(name, ctx, true); err != nil { + c.Fatalf("build failed to complete for TestBuildCopyObeysUserConfig: %v", err) } }