diff options
author | Aleksa Sarai <asarai@suse.de> | 2018-11-30 17:31:44 +1100 |
---|---|---|
committer | Aleksa Sarai <asarai@suse.de> | 2018-11-30 19:44:50 +1100 |
commit | f38ac72bca104337addfdf979f58a3785365b844 (patch) | |
tree | 7d9cb6c6d4177ee437384bd26fbdc75aa0600b4b /daemon/oci_linux_test.go | |
parent | 7417f5057568eacf835e9f8ffdf7263e75908f0a (diff) | |
download | docker-f38ac72bca104337addfdf979f58a3785365b844.tar.gz |
oci: add integration tests for kernel.domainname configuration
This also includes a few refactors of oci_linux_test.go.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Diffstat (limited to 'daemon/oci_linux_test.go')
-rw-r--r-- | daemon/oci_linux_test.go | 116 |
1 files changed, 82 insertions, 34 deletions
diff --git a/daemon/oci_linux_test.go b/daemon/oci_linux_test.go index 7b31970aae..33fab7028d 100644 --- a/daemon/oci_linux_test.go +++ b/daemon/oci_linux_test.go @@ -1,29 +1,67 @@ package daemon // import "github.com/docker/docker/daemon" import ( + "io/ioutil" "os" + "path/filepath" "testing" containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/container" "github.com/docker/docker/daemon/config" - "github.com/docker/docker/oci" + "github.com/docker/docker/daemon/network" + "github.com/docker/docker/pkg/containerfs" "github.com/docker/docker/pkg/idtools" + "github.com/docker/libnetwork" "gotest.tools/assert" is "gotest.tools/assert/cmp" ) +func setupFakeDaemon(t *testing.T, c *container.Container) *Daemon { + root, err := ioutil.TempDir("", "oci_linux_test-root") + assert.NilError(t, err) + + rootfs := filepath.Join(root, "rootfs") + err = os.MkdirAll(rootfs, 0755) + assert.NilError(t, err) + + netController, err := libnetwork.New() + assert.NilError(t, err) + + d := &Daemon{ + // some empty structs to avoid getting a panic + // caused by a null pointer dereference + idMapping: &idtools.IdentityMapping{}, + configStore: &config.Config{}, + linkIndex: newLinkIndex(), + netController: netController, + } + + c.Root = root + c.BaseFS = containerfs.NewLocalContainerFS(rootfs) + + if c.Config == nil { + c.Config = new(containertypes.Config) + } + if c.HostConfig == nil { + c.HostConfig = new(containertypes.HostConfig) + } + if c.NetworkSettings == nil { + c.NetworkSettings = &network.Settings{Networks: make(map[string]*network.EndpointSettings)} + } + + return d +} + +func cleanupFakeContainer(c *container.Container) { + os.RemoveAll(c.Root) +} + // TestTmpfsDevShmNoDupMount checks that a user-specified /dev/shm tmpfs // mount (as in "docker run --tmpfs /dev/shm:rw,size=NNN") does not result // in "Duplicate mount point" error from the engine. // https://github.com/moby/moby/issues/35455 func TestTmpfsDevShmNoDupMount(t *testing.T) { - d := Daemon{ - // some empty structs to avoid getting a panic - // caused by a null pointer dereference - idMapping: &idtools.IdentityMapping{}, - configStore: &config.Config{}, - } c := &container.Container{ ShmPath: "foobar", // non-empty, for c.IpcMounts() to work HostConfig: &containertypes.HostConfig{ @@ -34,19 +72,10 @@ func TestTmpfsDevShmNoDupMount(t *testing.T) { }, }, } + d := setupFakeDaemon(t, c) + defer cleanupFakeContainer(c) - // Mimic the code flow of daemon.createSpec(), enough to reproduce the issue - ms, err := d.setupMounts(c) - assert.Check(t, err) - - ms = append(ms, c.IpcMounts()...) - - tmpfsMounts, err := c.TmpfsMounts() - assert.Check(t, err) - ms = append(ms, tmpfsMounts...) - - s := oci.DefaultSpec() - err = setMounts(&d, &s, c, ms) + _, err := d.createSpec(c) assert.Check(t, err) } @@ -55,28 +84,16 @@ func TestTmpfsDevShmNoDupMount(t *testing.T) { // the resulting /dev/shm mount is NOT made read-only. // https://github.com/moby/moby/issues/36503 func TestIpcPrivateVsReadonly(t *testing.T) { - d := Daemon{ - // some empty structs to avoid getting a panic - // caused by a null pointer dereference - idMapping: &idtools.IdentityMapping{}, - configStore: &config.Config{}, - } c := &container.Container{ HostConfig: &containertypes.HostConfig{ IpcMode: containertypes.IpcMode("private"), ReadonlyRootfs: true, }, } + d := setupFakeDaemon(t, c) + defer cleanupFakeContainer(c) - // We can't call createSpec() so mimick the minimal part - // of its code flow, just enough to reproduce the issue. - ms, err := d.setupMounts(c) - assert.Check(t, err) - - s := oci.DefaultSpec() - s.Root.Readonly = c.HostConfig.ReadonlyRootfs - - err = setMounts(&d, &s, c, ms) + s, err := d.createSpec(c) assert.Check(t, err) // Find the /dev/shm mount in ms, check it does not have ro @@ -88,6 +105,37 @@ func TestIpcPrivateVsReadonly(t *testing.T) { } } +// TestSysctlOverride ensures that any implicit sysctls (such as +// Config.Domainname) are overridden by an explicit sysctl in the HostConfig. +func TestSysctlOverride(t *testing.T) { + c := &container.Container{ + Config: &containertypes.Config{ + Hostname: "foobar", + Domainname: "baz.cyphar.com", + }, + HostConfig: &containertypes.HostConfig{ + Sysctls: map[string]string{}, + }, + } + d := setupFakeDaemon(t, c) + defer cleanupFakeContainer(c) + + // Ensure that the implicit sysctl is set correctly. + s, err := d.createSpec(c) + assert.NilError(t, err) + assert.Equal(t, s.Hostname, "foobar") + assert.Equal(t, s.Linux.Sysctl["kernel.domainname"], c.Config.Domainname) + + // Set an explicit sysctl. + c.HostConfig.Sysctls["kernel.domainname"] = "foobar.net" + assert.Assert(t, c.HostConfig.Sysctls["kernel.domainname"] != c.Config.Domainname) + + s, err = d.createSpec(c) + assert.NilError(t, err) + assert.Equal(t, s.Hostname, "foobar") + assert.Equal(t, s.Linux.Sysctl["kernel.domainname"], c.HostConfig.Sysctls["kernel.domainname"]) +} + func TestGetSourceMount(t *testing.T) { // must be able to find source mount for / mnt, _, err := getSourceMount("/") |