| package docker |
| |
| import ( |
| "bufio" |
| "fmt" |
| "github.com/dotcloud/docker" |
| "github.com/dotcloud/docker/utils" |
| "io" |
| "io/ioutil" |
| "os" |
| "path" |
| "regexp" |
| "sort" |
| "strings" |
| "testing" |
| "time" |
| ) |
| |
| func TestIDFormat(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container1, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"/bin/sh", "-c", "echo hello world"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| match, err := regexp.Match("^[0-9a-f]{64}$", []byte(container1.ID)) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if !match { |
| t.Fatalf("Invalid container ID: %s", container1.ID) |
| } |
| } |
| |
| func TestMultipleAttachRestart(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, _ := mkContainer( |
| runtime, |
| []string{"_", "/bin/sh", "-c", "i=1; while [ $i -le 5 ]; do i=`expr $i + 1`; echo hello; done"}, |
| t, |
| ) |
| defer runtime.Destroy(container) |
| |
| // Simulate 3 client attaching to the container and stop/restart |
| |
| stdout1, err := container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stdout2, err := container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stdout3, err := container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| l1, err := bufio.NewReader(stdout1).ReadString('\n') |
| if err != nil { |
| t.Fatal(err) |
| } |
| if strings.Trim(l1, " \r\n") != "hello" { |
| t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l1) |
| } |
| l2, err := bufio.NewReader(stdout2).ReadString('\n') |
| if err != nil { |
| t.Fatal(err) |
| } |
| if strings.Trim(l2, " \r\n") != "hello" { |
| t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l2) |
| } |
| l3, err := bufio.NewReader(stdout3).ReadString('\n') |
| if err != nil { |
| t.Fatal(err) |
| } |
| if strings.Trim(l3, " \r\n") != "hello" { |
| t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l3) |
| } |
| |
| if err := container.Stop(10); err != nil { |
| t.Fatal(err) |
| } |
| |
| stdout1, err = container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stdout2, err = container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stdout3, err = container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| |
| setTimeout(t, "Timeout reading from the process", 3*time.Second, func() { |
| l1, err = bufio.NewReader(stdout1).ReadString('\n') |
| if err != nil { |
| t.Fatal(err) |
| } |
| if strings.Trim(l1, " \r\n") != "hello" { |
| t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l1) |
| } |
| l2, err = bufio.NewReader(stdout2).ReadString('\n') |
| if err != nil { |
| t.Fatal(err) |
| } |
| if strings.Trim(l2, " \r\n") != "hello" { |
| t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l2) |
| } |
| l3, err = bufio.NewReader(stdout3).ReadString('\n') |
| if err != nil { |
| t.Fatal(err) |
| } |
| if strings.Trim(l3, " \r\n") != "hello" { |
| t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l3) |
| } |
| }) |
| container.Wait() |
| } |
| |
| func TestDiff(t *testing.T) { |
| eng := NewTestEngine(t) |
| runtime := mkRuntimeFromEngine(eng, t) |
| defer nuke(runtime) |
| // Create a container and remove a file |
| container1, _, _ := mkContainer(runtime, []string{"_", "/bin/rm", "/etc/passwd"}, t) |
| defer runtime.Destroy(container1) |
| |
| // The changelog should be empty and not fail before run. See #1705 |
| c, err := container1.Changes() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if len(c) != 0 { |
| t.Fatalf("Changelog should be empty before run") |
| } |
| |
| if err := container1.Run(); err != nil { |
| t.Fatal(err) |
| } |
| |
| // Check the changelog |
| c, err = container1.Changes() |
| if err != nil { |
| t.Fatal(err) |
| } |
| success := false |
| for _, elem := range c { |
| if elem.Path == "/etc/passwd" && elem.Kind == 2 { |
| success = true |
| } |
| } |
| if !success { |
| t.Fatalf("/etc/passwd as been removed but is not present in the diff") |
| } |
| |
| // Commit the container |
| img, err := runtime.Commit(container1, "", "", "unit test commited image - diff", "", nil) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| // Create a new container from the commited image |
| container2, _, _ := mkContainer(runtime, []string{img.ID, "cat", "/etc/passwd"}, t) |
| defer runtime.Destroy(container2) |
| |
| if err := container2.Run(); err != nil { |
| t.Fatal(err) |
| } |
| |
| // Check the changelog |
| c, err = container2.Changes() |
| if err != nil { |
| t.Fatal(err) |
| } |
| for _, elem := range c { |
| if elem.Path == "/etc/passwd" { |
| t.Fatalf("/etc/passwd should not be present in the diff after commit.") |
| } |
| } |
| |
| // Create a new container |
| container3, _, _ := mkContainer(runtime, []string{"_", "rm", "/bin/httpd"}, t) |
| defer runtime.Destroy(container3) |
| |
| if err := container3.Run(); err != nil { |
| t.Fatal(err) |
| } |
| |
| // Check the changelog |
| c, err = container3.Changes() |
| if err != nil { |
| t.Fatal(err) |
| } |
| success = false |
| for _, elem := range c { |
| if elem.Path == "/bin/httpd" && elem.Kind == 2 { |
| success = true |
| } |
| } |
| if !success { |
| t.Fatalf("/bin/httpd should be present in the diff after commit.") |
| } |
| } |
| |
| func TestCommitAutoRun(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container1, _, _ := mkContainer(runtime, []string{"_", "/bin/sh", "-c", "echo hello > /world"}, t) |
| defer runtime.Destroy(container1) |
| |
| if container1.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| if err := container1.Run(); err != nil { |
| t.Fatal(err) |
| } |
| if container1.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| |
| img, err := runtime.Commit(container1, "", "", "unit test commited image", "", &docker.Config{Cmd: []string{"cat", "/world"}}) |
| if err != nil { |
| t.Error(err) |
| } |
| |
| // FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world |
| container2, _, _ := mkContainer(runtime, []string{img.ID}, t) |
| defer runtime.Destroy(container2) |
| stdout, err := container2.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stderr, err := container2.StderrPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := container2.Start(); err != nil { |
| t.Fatal(err) |
| } |
| container2.Wait() |
| output, err := ioutil.ReadAll(stdout) |
| if err != nil { |
| t.Fatal(err) |
| } |
| output2, err := ioutil.ReadAll(stderr) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := stdout.Close(); err != nil { |
| t.Fatal(err) |
| } |
| if err := stderr.Close(); err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "hello\n" { |
| t.Fatalf("Unexpected output. Expected %s, received: %s (err: %s)", "hello\n", output, output2) |
| } |
| } |
| |
| func TestCommitRun(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| |
| container1, _, _ := mkContainer(runtime, []string{"_", "/bin/sh", "-c", "echo hello > /world"}, t) |
| defer runtime.Destroy(container1) |
| |
| if container1.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| if err := container1.Run(); err != nil { |
| t.Fatal(err) |
| } |
| if container1.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| |
| img, err := runtime.Commit(container1, "", "", "unit test commited image", "", nil) |
| if err != nil { |
| t.Error(err) |
| } |
| |
| // FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world |
| container2, _, _ := mkContainer(runtime, []string{img.ID, "cat", "/world"}, t) |
| defer runtime.Destroy(container2) |
| stdout, err := container2.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stderr, err := container2.StderrPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := container2.Start(); err != nil { |
| t.Fatal(err) |
| } |
| container2.Wait() |
| output, err := ioutil.ReadAll(stdout) |
| if err != nil { |
| t.Fatal(err) |
| } |
| output2, err := ioutil.ReadAll(stderr) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := stdout.Close(); err != nil { |
| t.Fatal(err) |
| } |
| if err := stderr.Close(); err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "hello\n" { |
| t.Fatalf("Unexpected output. Expected %s, received: %s (err: %s)", "hello\n", output, output2) |
| } |
| } |
| |
| func TestStart(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, _ := mkContainer(runtime, []string{"-i", "_", "/bin/cat"}, t) |
| defer runtime.Destroy(container) |
| |
| cStdin, err := container.StdinPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| |
| // Give some time to the process to start |
| container.WaitTimeout(500 * time.Millisecond) |
| |
| if !container.State.IsRunning() { |
| t.Errorf("Container should be running") |
| } |
| if err := container.Start(); err == nil { |
| t.Fatalf("A running container should be able to be started") |
| } |
| |
| // Try to avoid the timeout in destroy. Best effort, don't check error |
| cStdin.Close() |
| container.WaitTimeout(2 * time.Second) |
| } |
| |
| func TestCpuShares(t *testing.T) { |
| _, err1 := os.Stat("/sys/fs/cgroup/cpuacct,cpu") |
| _, err2 := os.Stat("/sys/fs/cgroup/cpu,cpuacct") |
| if err1 == nil || err2 == nil { |
| t.Skip("Fixme. Setting cpu cgroup shares doesn't work in dind on a Fedora host. The lxc utils are confused by the cpu,cpuacct mount.") |
| } |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, _ := mkContainer(runtime, []string{"-m", "33554432", "-c", "1000", "-i", "_", "/bin/cat"}, t) |
| defer runtime.Destroy(container) |
| |
| cStdin, err := container.StdinPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| |
| // Give some time to the process to start |
| container.WaitTimeout(500 * time.Millisecond) |
| |
| if !container.State.IsRunning() { |
| t.Errorf("Container should be running") |
| } |
| if err := container.Start(); err == nil { |
| t.Fatalf("A running container should be able to be started") |
| } |
| |
| // Try to avoid the timeout in destroy. Best effort, don't check error |
| cStdin.Close() |
| container.WaitTimeout(2 * time.Second) |
| } |
| |
| func TestRun(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, _ := mkContainer(runtime, []string{"_", "ls", "-al"}, t) |
| defer runtime.Destroy(container) |
| |
| if container.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| if err := container.Run(); err != nil { |
| t.Fatal(err) |
| } |
| if container.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| } |
| |
| func TestOutput(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"echo", "-n", "foobar"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err := container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "foobar" { |
| t.Fatalf("%s != %s", string(output), "foobar") |
| } |
| } |
| |
| func TestContainerNetwork(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"ping", "-c", "1", "127.0.0.1"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| if err := container.Run(); err != nil { |
| t.Fatal(err) |
| } |
| if code := container.State.GetExitCode(); code != 0 { |
| t.Fatalf("Unexpected ping 127.0.0.1 exit code %d (expected 0)", code) |
| } |
| } |
| |
| func TestKillDifferentUser(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"cat"}, |
| OpenStdin: true, |
| User: "daemon", |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| // FIXME @shykes: this seems redundant, but is very old, I'm leaving it in case |
| // there is a side effect I'm not seeing. |
| // defer container.stdin.Close() |
| |
| if container.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| |
| setTimeout(t, "Waiting for the container to be started timed out", 2*time.Second, func() { |
| for !container.State.IsRunning() { |
| time.Sleep(10 * time.Millisecond) |
| } |
| }) |
| |
| setTimeout(t, "read/write assertion timed out", 2*time.Second, func() { |
| out, _ := container.StdoutPipe() |
| in, _ := container.StdinPipe() |
| if err := assertPipe("hello\n", "hello", out, in, 150); err != nil { |
| t.Fatal(err) |
| } |
| }) |
| |
| if err := container.Kill(); err != nil { |
| t.Fatal(err) |
| } |
| |
| if container.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| container.Wait() |
| if container.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| // Try stopping twice |
| if err := container.Kill(); err != nil { |
| t.Fatal(err) |
| } |
| } |
| |
| // Test that creating a container with a volume doesn't crash. Regression test for #995. |
| func TestCreateVolume(t *testing.T) { |
| eng := NewTestEngine(t) |
| runtime := mkRuntimeFromEngine(eng, t) |
| defer nuke(runtime) |
| |
| config, hc, _, err := docker.ParseRun([]string{"-v", "/var/lib/data", unitTestImageID, "echo", "hello", "world"}, nil) |
| if err != nil { |
| t.Fatal(err) |
| } |
| jobCreate := eng.Job("create") |
| if err := jobCreate.ImportEnv(config); err != nil { |
| t.Fatal(err) |
| } |
| var id string |
| jobCreate.Stdout.AddString(&id) |
| if err := jobCreate.Run(); err != nil { |
| t.Fatal(err) |
| } |
| jobStart := eng.Job("start", id) |
| if err := jobStart.ImportEnv(hc); err != nil { |
| t.Fatal(err) |
| } |
| if err := jobStart.Run(); err != nil { |
| t.Fatal(err) |
| } |
| // FIXME: this hack can be removed once Wait is a job |
| c := runtime.Get(id) |
| if c == nil { |
| t.Fatalf("Couldn't retrieve container %s from runtime", id) |
| } |
| c.WaitTimeout(500 * time.Millisecond) |
| c.Wait() |
| } |
| |
| func TestKill(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"sleep", "2"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| |
| if container.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| |
| // Give some time to lxc to spawn the process |
| container.WaitTimeout(500 * time.Millisecond) |
| |
| if !container.State.IsRunning() { |
| t.Errorf("Container should be running") |
| } |
| if err := container.Kill(); err != nil { |
| t.Fatal(err) |
| } |
| if container.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| container.Wait() |
| if container.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| // Try stopping twice |
| if err := container.Kill(); err != nil { |
| t.Fatal(err) |
| } |
| } |
| |
| func TestExitCode(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| |
| trueContainer, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"/bin/true"}, |
| }, "") |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(trueContainer) |
| if err := trueContainer.Run(); err != nil { |
| t.Fatal(err) |
| } |
| if code := trueContainer.State.GetExitCode(); code != 0 { |
| t.Fatalf("Unexpected exit code %d (expected 0)", code) |
| } |
| |
| falseContainer, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"/bin/false"}, |
| }, "") |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(falseContainer) |
| if err := falseContainer.Run(); err != nil { |
| t.Fatal(err) |
| } |
| if code := falseContainer.State.GetExitCode(); code != 1 { |
| t.Fatalf("Unexpected exit code %d (expected 1)", code) |
| } |
| } |
| |
| func TestRestart(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"echo", "-n", "foobar"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err := container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "foobar" { |
| t.Error(string(output)) |
| } |
| |
| // Run the container again and check the output |
| output, err = container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "foobar" { |
| t.Error(string(output)) |
| } |
| } |
| |
| func TestRestartStdin(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"cat"}, |
| |
| OpenStdin: true, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| |
| stdin, err := container.StdinPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stdout, err := container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| if _, err := io.WriteString(stdin, "hello world"); err != nil { |
| t.Fatal(err) |
| } |
| if err := stdin.Close(); err != nil { |
| t.Fatal(err) |
| } |
| container.Wait() |
| output, err := ioutil.ReadAll(stdout) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := stdout.Close(); err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "hello world" { |
| t.Fatalf("Unexpected output. Expected %s, received: %s", "hello world", string(output)) |
| } |
| |
| // Restart and try again |
| stdin, err = container.StdinPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stdout, err = container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| if _, err := io.WriteString(stdin, "hello world #2"); err != nil { |
| t.Fatal(err) |
| } |
| if err := stdin.Close(); err != nil { |
| t.Fatal(err) |
| } |
| container.Wait() |
| output, err = ioutil.ReadAll(stdout) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := stdout.Close(); err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "hello world #2" { |
| t.Fatalf("Unexpected output. Expected %s, received: %s", "hello world #2", string(output)) |
| } |
| } |
| |
| func TestUser(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| |
| // Default user must be root |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"id"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err := container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if !strings.Contains(string(output), "uid=0(root) gid=0(root)") { |
| t.Error(string(output)) |
| } |
| |
| // Set a username |
| container, _, err = runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"id"}, |
| |
| User: "root", |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err = container.Output() |
| if code := container.State.GetExitCode(); err != nil || code != 0 { |
| t.Fatal(err) |
| } |
| if !strings.Contains(string(output), "uid=0(root) gid=0(root)") { |
| t.Error(string(output)) |
| } |
| |
| // Set a UID |
| container, _, err = runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"id"}, |
| |
| User: "0", |
| }, |
| "", |
| ) |
| if code := container.State.GetExitCode(); err != nil || code != 0 { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err = container.Output() |
| if code := container.State.GetExitCode(); err != nil || code != 0 { |
| t.Fatal(err) |
| } |
| if !strings.Contains(string(output), "uid=0(root) gid=0(root)") { |
| t.Error(string(output)) |
| } |
| |
| // Set a different user by uid |
| container, _, err = runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"id"}, |
| |
| User: "1", |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err = container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } else if code := container.State.GetExitCode(); code != 0 { |
| t.Fatalf("Container exit code is invalid: %d\nOutput:\n%s\n", code, output) |
| } |
| if !strings.Contains(string(output), "uid=1(daemon) gid=1(daemon)") { |
| t.Error(string(output)) |
| } |
| |
| // Set a different user by username |
| container, _, err = runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"id"}, |
| |
| User: "daemon", |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err = container.Output() |
| if code := container.State.GetExitCode(); err != nil || code != 0 { |
| t.Fatal(err) |
| } |
| if !strings.Contains(string(output), "uid=1(daemon) gid=1(daemon)") { |
| t.Error(string(output)) |
| } |
| |
| // Test an wrong username |
| container, _, err = runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"id"}, |
| |
| User: "unknownuser", |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err = container.Output() |
| if container.State.GetExitCode() == 0 { |
| t.Fatal("Starting container with wrong uid should fail but it passed.") |
| } |
| } |
| |
| func TestMultipleContainers(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| |
| container1, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"sleep", "2"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container1) |
| |
| container2, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"sleep", "2"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container2) |
| |
| // Start both containers |
| if err := container1.Start(); err != nil { |
| t.Fatal(err) |
| } |
| if err := container2.Start(); err != nil { |
| t.Fatal(err) |
| } |
| |
| // Make sure they are running before trying to kill them |
| container1.WaitTimeout(250 * time.Millisecond) |
| container2.WaitTimeout(250 * time.Millisecond) |
| |
| // If we are here, both containers should be running |
| if !container1.State.IsRunning() { |
| t.Fatal("Container not running") |
| } |
| if !container2.State.IsRunning() { |
| t.Fatal("Container not running") |
| } |
| |
| // Kill them |
| if err := container1.Kill(); err != nil { |
| t.Fatal(err) |
| } |
| |
| if err := container2.Kill(); err != nil { |
| t.Fatal(err) |
| } |
| } |
| |
| func TestStdin(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"cat"}, |
| |
| OpenStdin: true, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| |
| stdin, err := container.StdinPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stdout, err := container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| defer stdin.Close() |
| defer stdout.Close() |
| if _, err := io.WriteString(stdin, "hello world"); err != nil { |
| t.Fatal(err) |
| } |
| if err := stdin.Close(); err != nil { |
| t.Fatal(err) |
| } |
| container.Wait() |
| output, err := ioutil.ReadAll(stdout) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "hello world" { |
| t.Fatalf("Unexpected output. Expected %s, received: %s", "hello world", string(output)) |
| } |
| } |
| |
| func TestTty(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"cat"}, |
| |
| OpenStdin: true, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| |
| stdin, err := container.StdinPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| stdout, err := container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| defer stdin.Close() |
| defer stdout.Close() |
| if _, err := io.WriteString(stdin, "hello world"); err != nil { |
| t.Fatal(err) |
| } |
| if err := stdin.Close(); err != nil { |
| t.Fatal(err) |
| } |
| container.Wait() |
| output, err := ioutil.ReadAll(stdout) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "hello world" { |
| t.Fatalf("Unexpected output. Expected %s, received: %s", "hello world", string(output)) |
| } |
| } |
| |
| func TestEnv(t *testing.T) { |
| os.Setenv("TRUE", "false") |
| os.Setenv("TRICKY", "tri\ncky\n") |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| config, _, _, err := docker.ParseRun([]string{"-e=FALSE=true", "-e=TRUE", "-e=TRICKY", GetTestImage(runtime).ID, "env"}, nil) |
| if err != nil { |
| t.Fatal(err) |
| } |
| container, _, err := runtime.Create(config, "") |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| |
| stdout, err := container.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer stdout.Close() |
| if err := container.Start(); err != nil { |
| t.Fatal(err) |
| } |
| container.Wait() |
| output, err := ioutil.ReadAll(stdout) |
| if err != nil { |
| t.Fatal(err) |
| } |
| actualEnv := strings.Split(string(output), "\n") |
| if actualEnv[len(actualEnv)-1] == "" { |
| actualEnv = actualEnv[:len(actualEnv)-1] |
| } |
| sort.Strings(actualEnv) |
| goodEnv := []string{ |
| "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", |
| "HOME=/", |
| "container=lxc", |
| "HOSTNAME=" + utils.TruncateID(container.ID), |
| "FALSE=true", |
| "TRUE=false", |
| "TRICKY=tri", |
| "cky", |
| "", |
| } |
| sort.Strings(goodEnv) |
| if len(goodEnv) != len(actualEnv) { |
| t.Fatalf("Wrong environment: should be %d variables, not: '%s'\n", len(goodEnv), strings.Join(actualEnv, ", ")) |
| } |
| for i := range goodEnv { |
| if actualEnv[i] != goodEnv[i] { |
| t.Fatalf("Wrong environment variable: should be %s, not %s", goodEnv[i], actualEnv[i]) |
| } |
| } |
| } |
| |
| func TestEntrypoint(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Entrypoint: []string{"/bin/echo"}, |
| Cmd: []string{"-n", "foobar"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err := container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if string(output) != "foobar" { |
| t.Error(string(output)) |
| } |
| } |
| |
| func TestEntrypointNoCmd(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Entrypoint: []string{"/bin/echo", "foobar"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err := container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if strings.Trim(string(output), "\r\n") != "foobar" { |
| t.Error(string(output)) |
| } |
| } |
| |
| func BenchmarkRunSequencial(b *testing.B) { |
| runtime := mkRuntime(b) |
| defer nuke(runtime) |
| for i := 0; i < b.N; i++ { |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"echo", "-n", "foo"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| b.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| output, err := container.Output() |
| if err != nil { |
| b.Fatal(err) |
| } |
| if string(output) != "foo" { |
| b.Fatalf("Unexpected output: %s", output) |
| } |
| if err := runtime.Destroy(container); err != nil { |
| b.Fatal(err) |
| } |
| } |
| } |
| |
| func BenchmarkRunParallel(b *testing.B) { |
| runtime := mkRuntime(b) |
| defer nuke(runtime) |
| |
| var tasks []chan error |
| |
| for i := 0; i < b.N; i++ { |
| complete := make(chan error) |
| tasks = append(tasks, complete) |
| go func(i int, complete chan error) { |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"echo", "-n", "foo"}, |
| }, |
| "", |
| ) |
| if err != nil { |
| complete <- err |
| return |
| } |
| defer runtime.Destroy(container) |
| if err := container.Start(); err != nil { |
| complete <- err |
| return |
| } |
| if err := container.WaitTimeout(15 * time.Second); err != nil { |
| complete <- err |
| return |
| } |
| // if string(output) != "foo" { |
| // complete <- fmt.Errorf("Unexecpted output: %v", string(output)) |
| // } |
| if err := runtime.Destroy(container); err != nil { |
| complete <- err |
| return |
| } |
| complete <- nil |
| }(i, complete) |
| } |
| var errors []error |
| for _, task := range tasks { |
| err := <-task |
| if err != nil { |
| errors = append(errors, err) |
| } |
| } |
| if len(errors) > 0 { |
| b.Fatal(errors) |
| } |
| } |
| |
| func tempDir(t *testing.T) string { |
| tmpDir, err := ioutil.TempDir("", "docker-test-container") |
| if err != nil { |
| t.Fatal(err) |
| } |
| return tmpDir |
| } |
| |
| // Test for #1737 |
| func TestCopyVolumeUidGid(t *testing.T) { |
| eng := NewTestEngine(t) |
| r := mkRuntimeFromEngine(eng, t) |
| defer r.Nuke() |
| |
| // Add directory not owned by root |
| container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test.txt && chown daemon.daemon /hello"}, t) |
| defer r.Destroy(container1) |
| |
| if container1.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| if err := container1.Run(); err != nil { |
| t.Fatal(err) |
| } |
| if container1.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| |
| img, err := r.Commit(container1, "", "", "unit test commited image", "", nil) |
| if err != nil { |
| t.Error(err) |
| } |
| |
| // Test that the uid and gid is copied from the image to the volume |
| tmpDir1 := tempDir(t) |
| defer os.RemoveAll(tmpDir1) |
| stdout1, _ := runContainer(eng, r, []string{"-v", "/hello", img.ID, "stat", "-c", "%U %G", "/hello"}, t) |
| if !strings.Contains(stdout1, "daemon daemon") { |
| t.Fatal("Container failed to transfer uid and gid to volume") |
| } |
| } |
| |
| // Test for #1582 |
| func TestCopyVolumeContent(t *testing.T) { |
| eng := NewTestEngine(t) |
| r := mkRuntimeFromEngine(eng, t) |
| defer r.Nuke() |
| |
| // Put some content in a directory of a container and commit it |
| container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello/local && echo hello > /hello/local/world"}, t) |
| defer r.Destroy(container1) |
| |
| if container1.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| if err := container1.Run(); err != nil { |
| t.Fatal(err) |
| } |
| if container1.State.IsRunning() { |
| t.Errorf("Container shouldn't be running") |
| } |
| |
| img, err := r.Commit(container1, "", "", "unit test commited image", "", nil) |
| if err != nil { |
| t.Error(err) |
| } |
| |
| // Test that the content is copied from the image to the volume |
| tmpDir1 := tempDir(t) |
| defer os.RemoveAll(tmpDir1) |
| stdout1, _ := runContainer(eng, r, []string{"-v", "/hello", img.ID, "find", "/hello"}, t) |
| if !(strings.Contains(stdout1, "/hello/local/world") && strings.Contains(stdout1, "/hello/local")) { |
| t.Fatal("Container failed to transfer content to volume") |
| } |
| } |
| |
| func TestBindMounts(t *testing.T) { |
| eng := NewTestEngine(t) |
| r := mkRuntimeFromEngine(eng, t) |
| defer r.Nuke() |
| |
| tmpDir := tempDir(t) |
| defer os.RemoveAll(tmpDir) |
| writeFile(path.Join(tmpDir, "touch-me"), "", t) |
| |
| // Test reading from a read-only bind mount |
| stdout, _ := runContainer(eng, r, []string{"-v", fmt.Sprintf("%s:/tmp:ro", tmpDir), "_", "ls", "/tmp"}, t) |
| if !strings.Contains(stdout, "touch-me") { |
| t.Fatal("Container failed to read from bind mount") |
| } |
| |
| // test writing to bind mount |
| runContainer(eng, r, []string{"-v", fmt.Sprintf("%s:/tmp:rw", tmpDir), "_", "touch", "/tmp/holla"}, t) |
| readFile(path.Join(tmpDir, "holla"), t) // Will fail if the file doesn't exist |
| |
| // test mounting to an illegal destination directory |
| if _, err := runContainer(eng, r, []string{"-v", fmt.Sprintf("%s:.", tmpDir), "_", "ls", "."}, nil); err == nil { |
| t.Fatal("Container bind mounted illegal directory") |
| } |
| |
| // test mount a file |
| runContainer(eng, r, []string{"-v", fmt.Sprintf("%s/holla:/tmp/holla:rw", tmpDir), "_", "sh", "-c", "echo -n 'yotta' > /tmp/holla"}, t) |
| content := readFile(path.Join(tmpDir, "holla"), t) // Will fail if the file doesn't exist |
| if content != "yotta" { |
| t.Fatal("Container failed to write to bind mount file") |
| } |
| } |
| |
| // Test that -volumes-from supports both read-only mounts |
| func TestFromVolumesInReadonlyMode(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"/bin/echo", "-n", "foobar"}, |
| Volumes: map[string]struct{}{"/test": {}}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| _, err = container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if !container.VolumesRW["/test"] { |
| t.Fail() |
| } |
| |
| container2, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"/bin/echo", "-n", "foobar"}, |
| VolumesFrom: container.ID + ":ro", |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container2) |
| |
| _, err = container2.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| if container.Volumes["/test"] != container2.Volumes["/test"] { |
| t.Logf("container volumes do not match: %s | %s ", |
| container.Volumes["/test"], |
| container2.Volumes["/test"]) |
| t.Fail() |
| } |
| |
| _, exists := container2.VolumesRW["/test"] |
| if !exists { |
| t.Logf("container2 is missing '/test' volume: %s", container2.VolumesRW) |
| t.Fail() |
| } |
| |
| if container2.VolumesRW["/test"] != false { |
| t.Log("'/test' volume mounted in read-write mode, expected read-only") |
| t.Fail() |
| } |
| } |
| |
| // Test that VolumesRW values are copied to the new container. Regression test for #1201 |
| func TestVolumesFromReadonlyMount(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| container, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"/bin/echo", "-n", "foobar"}, |
| Volumes: map[string]struct{}{"/test": {}}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| _, err = container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if !container.VolumesRW["/test"] { |
| t.Fail() |
| } |
| |
| container2, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"/bin/echo", "-n", "foobar"}, |
| VolumesFrom: container.ID, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container2) |
| |
| _, err = container2.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| if container.Volumes["/test"] != container2.Volumes["/test"] { |
| t.Fail() |
| } |
| |
| actual, exists := container2.VolumesRW["/test"] |
| if !exists { |
| t.Fail() |
| } |
| |
| if container.VolumesRW["/test"] != actual { |
| t.Fail() |
| } |
| } |
| |
| // Test that restarting a container with a volume does not create a new volume on restart. Regression test for #819. |
| func TestRestartWithVolumes(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"echo", "-n", "foobar"}, |
| Volumes: map[string]struct{}{"/test": {}}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| |
| for key := range container.Config.Volumes { |
| if key != "/test" { |
| t.Fail() |
| } |
| } |
| |
| _, err = container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| expected := container.Volumes["/test"] |
| if expected == "" { |
| t.Fail() |
| } |
| // Run the container again to verify the volume path persists |
| _, err = container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| actual := container.Volumes["/test"] |
| if expected != actual { |
| t.Fatalf("Expected volume path: %s Actual path: %s", expected, actual) |
| } |
| } |
| |
| // Test for #1351 |
| func TestVolumesFromWithVolumes(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"sh", "-c", "echo -n bar > /test/foo"}, |
| Volumes: map[string]struct{}{"/test": {}}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| |
| for key := range container.Config.Volumes { |
| if key != "/test" { |
| t.Fail() |
| } |
| } |
| |
| _, err = container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| expected := container.Volumes["/test"] |
| if expected == "" { |
| t.Fail() |
| } |
| |
| container2, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"cat", "/test/foo"}, |
| VolumesFrom: container.ID, |
| Volumes: map[string]struct{}{"/test": {}}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container2) |
| |
| output, err := container2.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| if string(output) != "bar" { |
| t.Fail() |
| } |
| |
| if container.Volumes["/test"] != container2.Volumes["/test"] { |
| t.Fail() |
| } |
| |
| // Ensure it restarts successfully |
| _, err = container2.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| } |
| |
| func TestOnlyLoopbackExistsWhenUsingDisableNetworkOption(t *testing.T) { |
| eng := NewTestEngine(t) |
| runtime := mkRuntimeFromEngine(eng, t) |
| defer nuke(runtime) |
| |
| config, hc, _, err := docker.ParseRun([]string{"-n=false", GetTestImage(runtime).ID, "ip", "addr", "show"}, nil) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| jobCreate := eng.Job("create") |
| if err := jobCreate.ImportEnv(config); err != nil { |
| t.Fatal(err) |
| } |
| var id string |
| jobCreate.Stdout.AddString(&id) |
| if err := jobCreate.Run(); err != nil { |
| t.Fatal(err) |
| } |
| // FIXME: this hack can be removed once Wait is a job |
| c := runtime.Get(id) |
| if c == nil { |
| t.Fatalf("Couldn't retrieve container %s from runtime", id) |
| } |
| stdout, err := c.StdoutPipe() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| jobStart := eng.Job("start", id) |
| if err := jobStart.ImportEnv(hc); err != nil { |
| t.Fatal(err) |
| } |
| if err := jobStart.Run(); err != nil { |
| t.Fatal(err) |
| } |
| |
| c.WaitTimeout(500 * time.Millisecond) |
| c.Wait() |
| output, err := ioutil.ReadAll(stdout) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| interfaces := regexp.MustCompile(`(?m)^[0-9]+: [a-zA-Z0-9]+`).FindAllString(string(output), -1) |
| if len(interfaces) != 1 { |
| t.Fatalf("Wrong interface count in test container: expected [*: lo], got %s", interfaces) |
| } |
| if !strings.HasSuffix(interfaces[0], ": lo") { |
| t.Fatalf("Wrong interface in test container: expected [*: lo], got %s", interfaces) |
| } |
| } |
| |
| func TestPrivilegedCanMknod(t *testing.T) { |
| eng := NewTestEngine(t) |
| runtime := mkRuntimeFromEngine(eng, t) |
| defer runtime.Nuke() |
| if output, _ := runContainer(eng, runtime, []string{"-privileged", "_", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok"}, t); output != "ok\n" { |
| t.Fatal("Could not mknod into privileged container") |
| } |
| } |
| |
| func TestPrivilegedCanMount(t *testing.T) { |
| eng := NewTestEngine(t) |
| runtime := mkRuntimeFromEngine(eng, t) |
| defer runtime.Nuke() |
| if output, _ := runContainer(eng, runtime, []string{"-privileged", "_", "sh", "-c", "mount -t tmpfs none /tmp && echo ok"}, t); output != "ok\n" { |
| t.Fatal("Could not mount into privileged container") |
| } |
| } |
| |
| func TestPrivilegedCannotMknod(t *testing.T) { |
| eng := NewTestEngine(t) |
| runtime := mkRuntimeFromEngine(eng, t) |
| defer runtime.Nuke() |
| if output, _ := runContainer(eng, runtime, []string{"_", "sh", "-c", "mknod /tmp/sda b 8 0 || echo ok"}, t); output != "ok\n" { |
| t.Fatal("Could mknod into secure container") |
| } |
| } |
| |
| func TestPrivilegedCannotMount(t *testing.T) { |
| eng := NewTestEngine(t) |
| runtime := mkRuntimeFromEngine(eng, t) |
| defer runtime.Nuke() |
| if output, _ := runContainer(eng, runtime, []string{"_", "sh", "-c", "mount -t tmpfs none /tmp || echo ok"}, t); output != "ok\n" { |
| t.Fatal("Could mount into secure container") |
| } |
| } |
| |
| func TestMultipleVolumesFrom(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| |
| container, _, err := runtime.Create(&docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"sh", "-c", "echo -n bar > /test/foo"}, |
| Volumes: map[string]struct{}{"/test": {}}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container) |
| |
| for key := range container.Config.Volumes { |
| if key != "/test" { |
| t.Fail() |
| } |
| } |
| |
| _, err = container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| expected := container.Volumes["/test"] |
| if expected == "" { |
| t.Fail() |
| } |
| |
| container2, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"sh", "-c", "echo -n bar > /other/foo"}, |
| Volumes: map[string]struct{}{"/other": {}}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container2) |
| |
| for key := range container2.Config.Volumes { |
| if key != "/other" { |
| t.FailNow() |
| } |
| } |
| if _, err := container2.Output(); err != nil { |
| t.Fatal(err) |
| } |
| |
| container3, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"/bin/echo", "-n", "foobar"}, |
| VolumesFrom: strings.Join([]string{container.ID, container2.ID}, ","), |
| }, "") |
| |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer runtime.Destroy(container3) |
| |
| if _, err := container3.Output(); err != nil { |
| t.Fatal(err) |
| } |
| |
| if container3.Volumes["/test"] != container.Volumes["/test"] { |
| t.Fail() |
| } |
| if container3.Volumes["/other"] != container2.Volumes["/other"] { |
| t.Fail() |
| } |
| } |
| |
| func TestRestartGhost(t *testing.T) { |
| runtime := mkRuntime(t) |
| defer nuke(runtime) |
| |
| container, _, err := runtime.Create( |
| &docker.Config{ |
| Image: GetTestImage(runtime).ID, |
| Cmd: []string{"sh", "-c", "echo -n bar > /test/foo"}, |
| Volumes: map[string]struct{}{"/test": {}}, |
| }, |
| "", |
| ) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| if err := container.Kill(); err != nil { |
| t.Fatal(err) |
| } |
| |
| container.State.SetGhost(true) |
| |
| _, err = container.Output() |
| if err != nil { |
| t.Fatal(err) |
| } |
| } |