diff options
author | Arnaud Rebillout <elboulangero@gmail.com> | 2020-11-26 22:39:55 +0700 |
---|---|---|
committer | Arnaud Rebillout <elboulangero@gmail.com> | 2020-12-15 09:47:48 +0700 |
commit | c7e74267965f9b03e64128de6951ee25fed66afc (patch) | |
tree | a4f50a05515c9c3b1c0bdb06eba5081044268fe3 | |
parent | 6349b32e1b3e8d5e219452c0662909e5e7fb222d (diff) | |
download | docker-c7e74267965f9b03e64128de6951ee25fed66afc.tar.gz |
pkg/chrootarchive: Skip privileged tests when non-root
These tests fail when run by a non-root user
=== RUN TestUntarWithMaliciousSymlinks
archive_unix_test.go:63: assertion failed: expected error to contain "open /safe/host-file: no such file or directory", got "Error processing tar file(exit status 1): Error creating mount namespace before pivot: operation not permitted"
--- FAIL: TestUntarWithMaliciousSymlinks (0.00s)
=== RUN TestTarWithMaliciousSymlinks
archive_unix_test.go:90: /tmp/TestTarWithMaliciousSymlinks400408188
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_host-file
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_host-file
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_safe/host-file
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_/safe/host-file
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
--- FAIL: TestTarWithMaliciousSymlinks (0.02s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_host-file (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_host-file (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_ (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_ (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_safe/host-file (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_/safe/host-file (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_ (0.00s)
FAIL
FAIL github.com/docker/docker/pkg/chrootarchive 0.042s
Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
-rw-r--r-- | pkg/chrootarchive/archive_unix_test.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pkg/chrootarchive/archive_unix_test.go b/pkg/chrootarchive/archive_unix_test.go index f7b99e3306..f9bf815ec8 100644 --- a/pkg/chrootarchive/archive_unix_test.go +++ b/pkg/chrootarchive/archive_unix_test.go @@ -16,6 +16,7 @@ import ( "github.com/docker/docker/pkg/archive" "golang.org/x/sys/unix" "gotest.tools/v3/assert" + "gotest.tools/v3/skip" ) // Test for CVE-2018-15664 @@ -23,6 +24,7 @@ import ( // some path outside of a container's rootfs that we do not copy data to a // container path that will actually overwrite data on the host func TestUntarWithMaliciousSymlinks(t *testing.T) { + skip.If(t, os.Getuid() != 0, "skipping test that requires root") dir, err := ioutil.TempDir("", t.Name()) assert.NilError(t, err) defer os.RemoveAll(dir) @@ -84,6 +86,7 @@ func TestUntarWithMaliciousSymlinks(t *testing.T) { // some path outside of a container's rootfs that we do not unwittingly leak // host data into the archive. func TestTarWithMaliciousSymlinks(t *testing.T) { + skip.If(t, os.Getuid() != 0, "skipping test that requires root") dir, err := ioutil.TempDir("", t.Name()) assert.NilError(t, err) // defer os.RemoveAll(dir) |