docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update tests 

Signed-off-by: Victor Vieux <vieux@docker.com>
This commit is contained in:
Victor Vieux 2014-09-30 19:10:03 +00:00
parent 226bc669aa
commit 08547dff29
3 changed files with 68 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
daemon/daemon.go
View File

@ -527,11 +527,35 @@ func (daemon *Daemon) getEntrypointAndArgs(configEntrypoint, configCmd []string)
return entrypoint, args return entrypoint, args
} }
func parseSecurityOpt(container *Container, config *runconfig.Config) error {
var (
label_opts []string
err error
)
for _, opt := range config.SecurityOpt {
con := strings.SplitN(opt, ":", 2)
if len(con) == 1 {
return fmt.Errorf("Invalid --security-opt: %q", opt)
}
switch con[0] {
case "label":
label_opts = append(label_opts, con[1])
case "apparmor":
container.AppArmorProfile = con[1]
default:
return fmt.Errorf("Invalid --security-opt: %q", opt)
}
}
container.ProcessLabel, container.MountLabel, err = label.InitLabels(label_opts)
return err
}
func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *image.Image) (*Container, error) { func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *image.Image) (*Container, error) {
var ( var (
id string id string
err error err error
label_opts []string
) )
id, name, err = daemon.generateIdAndName(name) id, name, err = daemon.generateIdAndName(name)
if err != nil { if err != nil {
@ -558,26 +582,8 @@ func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *i
execCommands: newExecStore(), execCommands: newExecStore(),
} }
container.root = daemon.containerRoot(container.ID) container.root = daemon.containerRoot(container.ID)
err = parseSecurityOpt(container, config)
for _, opt := range config.SecurityOpt { return container, err
con := strings.SplitN(opt, ":", 2)
if len(con) == 1 {
return nil, fmt.Errorf("Invalid --security-opt: %q", opt)
}
switch con[0] {
case "label":
label_opts = append(label_opts, con[1])
case "apparmor":
container.AppArmorProfile = con[1]
default:
return nil, fmt.Errorf("Invalid --security-opt: %q", opt)
}
}
if container.ProcessLabel, container.MountLabel, err = label.InitLabels(label_opts); err != nil {
return nil, err
}
return container, nil
} }
func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error { func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error {

39
daemon/daemon_unit_test.go Normal file
View File

@ -0,0 +1,39 @@
package daemon
import (
"testing"
"github.com/docker/docker/runconfig"
)
func TestParseSecurityOpt(t *testing.T) {
container := &Container{}
config := &runconfig.Config{}
// test apparmor
config.SecurityOpt = []string{"apparmor:test_profile"}
if err := parseSecurityOpt(container, config); err != nil {
t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
}
if container.AppArmorProfile != "test_profile" {
t.Fatalf("Unexpected AppArmorProfile, expected: \"test_profile\", got %q", container.AppArmorProfile)
}
// test valid label
config.SecurityOpt = []string{"label:user:USER"}
if err := parseSecurityOpt(container, config); err != nil {
t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
}
// test invalid label
config.SecurityOpt = []string{"label"}
if err := parseSecurityOpt(container, config); err == nil {
t.Fatal("Expected parseSecurityOpt error, got nil")
}
// test invalid opt
config.SecurityOpt = []string{"test"}
if err := parseSecurityOpt(container, config); err == nil {
t.Fatal("Expected parseSecurityOpt error, got nil")
}
}

37
integration-cli/docker_cli_run_test.go
View File

@ -19,7 +19,6 @@ import (
"github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/mount"
"github.com/docker/docker/pkg/networkfs/resolvconf" "github.com/docker/docker/pkg/networkfs/resolvconf"
"github.com/docker/libcontainer/label"
"github.com/kr/pty" "github.com/kr/pty"
) )
@ -1720,42 +1719,6 @@ func TestRunWriteResolvFileAndNotCommit(t *testing.T) {
logDone("run - write to /etc/resolv.conf and not commited") logDone("run - write to /etc/resolv.conf and not commited")
} }
func TestRunSecurityOptLevel(t *testing.T) {
plabel, _, _ := label.InitLabels(nil)
if plabel != "" {
defer deleteAllContainers()
cmd := exec.Command(dockerBinary, "run", "--security-opt", "label:level:s0:c0,c100", "busybox", "ps", "-eZ")
out, _, err := runCommandWithOutput(cmd)
if err != nil {
t.Fatal(err, out)
}
id := strings.TrimSpace(out)
if !strings.ContainsAny(id, "s0:c0,c100") {
t.Fatal("security-opt label:level:s0:c0,c100 failed")
}
}
logDone("run - security-opt label:level")
}
func TestRunSecurityOptDisable(t *testing.T) {
plabel, _, _ := label.InitLabels(nil)
if plabel != "" {
defer deleteAllContainers()
cmd := exec.Command(dockerBinary, "run", "--security-opt", "label:disable", "busybox", "ps", "-eZ")
out, _, err := runCommandWithOutput(cmd)
if err != nil {
t.Fatal(err, out)
}
id := strings.TrimSpace(out)
if !strings.ContainsAny(id, "svirt") {
t.Fatal("security-opt label:level:disable failed")
}
}
logDone("run - security-opt label:disable")
}
func TestRunWithBadDevice(t *testing.T) { func TestRunWithBadDevice(t *testing.T) {
name := "baddevice" name := "baddevice"
cmd := exec.Command(dockerBinary, "run", "--name", name, "--device", "/etc", "busybox", "true") cmd := exec.Command(dockerBinary, "run", "--name", name, "--device", "/etc", "busybox", "true")