docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13346 from mrjana/cnm_integ 

Fix network connectivity problem for non-root users
This commit is contained in:
Alexander Morozov 2015-05-20 12:02:07 -07:00
parent 76a5fb3e1e afd901e408
commit dec13cef2a
4 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hack/vendor.sh
View File

@ -55,7 +55,7 @@ clone hg code.google.com/p/go.net 84a4013f96e0
clone hg code.google.com/p/gosqlite 74691fb6f837 clone hg code.google.com/p/gosqlite 74691fb6f837
#get libnetwork packages #get libnetwork packages
clone git github.com/docker/libnetwork v0.2 clone git github.com/docker/libnetwork b39597744b0978fe4aeb9f3a099ba42f7b6c4a1f
clone git github.com/vishvananda/netns 008d17ae001344769b031375bdb38a86219154c6 clone git github.com/vishvananda/netns 008d17ae001344769b031375bdb38a86219154c6
clone git github.com/vishvananda/netlink 8eb64238879fed52fd51c5b30ad20b928fb4c36c clone git github.com/vishvananda/netlink 8eb64238879fed52fd51c5b30ad20b928fb4c36c

26
integration-cli/docker_cli_run_test.go
View File

@ -1455,6 +1455,32 @@ func (s *DockerSuite) TestRunDnsOptionsBasedOnHostResolvConf(c *check.C) {
} }
} }
// Test to see if a non-root user can resolve a DNS name and reach out to it. Also
// check if the container resolv.conf file has atleast 0644 perm.
func (s *DockerSuite) TestRunNonRootUserResolvName(c *check.C) {
testRequires(c, SameHostDaemon)
cmd := exec.Command(dockerBinary, "run", "--name=testperm", "--user=default", "busybox", "ping", "-c", "1", "www.docker.io")
if out, err := runCommand(cmd); err != nil {
c.Fatal(err, out)
}
cID, err := getIDByName("testperm")
if err != nil {
c.Fatal(err)
}
fmode := (os.FileMode)(0644)
finfo, err := os.Stat(containerStorageFile(cID, "resolv.conf"))
if err != nil {
c.Fatal(err)
}
if (finfo.Mode() & fmode) != fmode {
c.Fatalf("Expected container resolv.conf mode to be atleast %s, instead got %s", fmode.String(), finfo.Mode().String())
}
}
// Test if container resolv.conf gets updated the next time it restarts // Test if container resolv.conf gets updated the next time it restarts
// if host /etc/resolv.conf has changed. This only applies if the container // if host /etc/resolv.conf has changed. This only applies if the container
// uses the host's /etc/resolv.conf and does not have any dns options provided. // uses the host's /etc/resolv.conf and does not have any dns options provided.

5
vendor/src/github.com/docker/libnetwork/endpoint.go vendored
View File

@ -548,6 +548,11 @@ func (ep *endpoint) updateDNS(resolvConf []byte) error {
return err return err
} }
// Change the perms to 0644 since ioutil.TempFile creates it by default as 0600
if err := os.Chmod(tmpResolvFile.Name(), 0644); err != nil {
return err
}
// write the updates to the temp files // write the updates to the temp files
if err = ioutil.WriteFile(tmpHashFile.Name(), []byte(newHash), 0644); err != nil { if err = ioutil.WriteFile(tmpHashFile.Name(), []byte(newHash), 0644); err != nil {
return err return err

10
vendor/src/github.com/docker/libnetwork/libnetwork_test.go vendored
View File

@ -1137,6 +1137,16 @@ func TestResolvConf(t *testing.T) {
} }
}() }()
finfo, err := os.Stat(resolvConfPath)
if err != nil {
t.Fatal(err)
}
fmode := (os.FileMode)(0644)
if finfo.Mode() != fmode {
t.Fatalf("Expected file mode %s, got %s", fmode.String(), finfo.Mode().String())
}
content, err := ioutil.ReadFile(resolvConfPath) content, err := ioutil.ReadFile(resolvConfPath)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)