Граф коммитов

669 Коммитов

Автор SHA1 Сообщение Дата
John Howard 1293303bda Disable TestRunServicingContainer on RS4+ builds
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-11-28 10:29:43 -08:00
Sebastiaan van Stijn 7d8affa3ef
Merge pull request #35344 from rhatdan/readonly-/dev
/dev should not be readonly with --readonly flag
2017-11-03 12:54:51 +01:00
Daniel J Walsh 5f3bd2473e /dev should not be readonly with --readonly flag
/dev is mounted on a tmpfs inside of a container.  Processes inside of containers
some times need to create devices nodes, or to setup a socket that listens on /dev/log
Allowing these containers to run with the --readonly flag makes sense.  Making a tmpfs
readonly does not add any security to the container, since there is plenty of places
where the container can write tmpfs content.

I have no idea why /dev was excluded.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-11-02 10:28:51 -04:00
Phil Estes 42716dcf5c
Only chown network files within container metadata
If the user specifies a mountpath from the host, we should not be
attempting to chown files outside the daemon's metadata directory
(represented by `daemon.repository` at init time).

This forces users who want to use user namespaces to handle the
ownership needs of any external files mounted as network files
(/etc/resolv.conf, /etc/hosts, /etc/hostname) separately from the
daemon. In all other volume/bind mount situations we have taken this
same line--we don't chown host file content.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2017-11-01 10:14:01 -04:00
Sebastiaan van Stijn ba3bf8191e
Merge pull request #35313 from charrywanganthony/RandomAlpha
Separate the GenerateRandomAlphaOnlyString function from stringutils
2017-10-29 22:33:57 +01:00
chaowang 7c35a24182 Separate the GenerateRandomAlphaOnlyString function from stringutils
Signed-off-by: chaowang <chaowang@localhost.localdomain>
2017-10-28 09:03:02 +08:00
Kenfe-Mickael Laventure ddae20c032
Update libcontainerd to use containerd 1.0
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-10-20 07:11:37 -07:00
John Howard 9e587fa72b Windows: RS3: Temporarily disable TestRunAttachFailedNoLeak
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-09-28 10:15:58 -07:00
Christopher Crone b7d8d2c4ab Various fixes
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-15 16:01:15 +02:00
Christopher Crone 0bdba0e91a Use TLS for tests if needed
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone dc6ddfa841 Fix tests that depend on clean environment
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Daniel Nephin fff605c3b3 Fix a bad assumption
If the empty variable happens to be sorted to the end of the list then TrimSpace()
would remove it. Instead only strip the single trailing newline.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-09-06 17:32:56 -04:00
Daniel Nephin f85ef42ea5 Refactor test environment
split all non-cli portions into a new internal/test/environment package

Set a test environment on packages instead of creating new ones.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-30 13:13:18 -04:00
Daniel Nephin 92427b3a81 Update tests to use icmd
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-25 12:07:30 -04:00
Daniel Nephin 9db68f4dea Remove RandomTmpDirPath
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-22 17:15:26 -04:00
Daniel Nephin e8bd671815 Remove testutil.ParseCgroupPaths
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-22 17:15:26 -04:00
Daniel Nephin 1455086c4b Remove ConsumeWithSpeed
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-22 17:15:26 -04:00
Christophe Vidal dffa5d6df2 Dropped hyphen in bind mount where appropriate
Signed-off-by: Christophe Vidal <kriss@krizalys.com>
2017-08-19 21:25:07 +07:00
John Starks 54354db850 Windows: Add named pipe mount support
Current insider builds of Windows have support for mounting individual
named pipe servers from the host to the guest. This allows, for example,
exposing the docker engine's named pipe to a container.

This change allows the user to request such a mount via the normal bind
mount syntax in the CLI:

  docker run -v \\.\pipe\docker_engine:\\.\pipe\docker_engine <args>

Signed-off-by: John Starks <jostarks@microsoft.com>
2017-08-07 11:34:36 -07:00
Vincent Demeester b0ba39d431
Use `cli` for trusted relate command
This also removed some skipped test (that are skipped for a long while).

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-04-19 14:04:39 +02:00
Vincent Demeester db35c2a5a8 Introduce `cli.Wait*` fuctions
These replace `wait*` functions from `docker_utils_test.go` and work
more or less like other `cli` functions.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-04-14 19:27:33 +02:00
Vincent Demeester 10e171cd94 Clean some function in docker_utils_test.go
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-04-12 11:22:32 +02:00
Vincent Demeester 56fb4653e8
Move FakeContext to `integration-cli/cli/build/context` package…
… and continue emptying `docker_utils_test.go` from build related function.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-04-11 18:25:49 +02:00
Akihiro Suda 77fe35b3b9 cli: add `--mount` to `docker run`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-04-05 04:52:08 +00:00
Vincent Demeester eeaa6c96d8
[test-integration] Migrate some more tests to `cli` package
Add some required command operators to the `cli` package, and update
some tests to use this package, in order to remove a few functions
from `docker_utils_test.go`

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-03-28 15:17:31 +02:00
Vincent Demeester 50c4475df6
Introduce a `cli` package for test-integration
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-03-23 18:35:22 +01:00
Sebastiaan van Stijn b3e4412ab4
Add integration tests for client- and daemon-side auto-remove
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 32dbb5c46569fbd404a88775c5eb58b5da0b9240)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-10 11:04:00 +01:00
Vincent Demeester 5dd89abdf1
Ignore no such container in testEnv.Clean
When moving the clean function there, this check was not ported and
generated some errors on the CI. `deleteContainer` now fail if any
error but the clean function won't if "no such container" (because of
some races -_-).

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-03-03 15:57:27 +01:00
Victor Vieux c3b660b112 Merge pull request #30654 from Microsoft/jjh/unifyworkdir
Windows: Unify workdir handling
2017-02-03 00:37:54 -08:00
John Howard f42033ba94 Windows: Unify workdir handling
Signed-off-by: John Howard <jhoward@microsoft.com>

Working directory processing was handled differently for Hyper-V and Windows-Server containers, as annotated in the builder documentation (updated in this PR). For Hyper-V containers, the working directory set by WORKDIR was not created. This PR makes Hyper-V containers work the same as Windows Server containers (and the same as Linux).

Example (only applies to Hyper-V containers, so not reproducible under CI environment)
Dockerfile:
FROM microsoft/nanoserver
WORKDIR c:\installer
ENV GOROOT=c:\installer
ADD go.exe .
RUN go --help
Running on Windows Server 2016, using docker master without this change, but with daemon set to --exec-opt isolation=hyperv as it would be for Client operating systems.
PS E:\go\src\github.com\docker\docker> dockerd -g c:\control --exec-opt isolation=hyperv
time="2017-02-01T15:48:09.657286100-08:00" level=info msg="Windows default isolation mode: hyperv"
time="2017-02-01T15:48:09.662720900-08:00" level=info msg="[graphdriver] using prior storage driver: windowsfilter"
time="2017-02-01T15:48:10.011588000-08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
time="2017-02-01T15:48:10.016655800-08:00" level=info msg="Loading containers: start."
time="2017-02-01T15:48:10.460820000-08:00" level=info msg="Loading containers: done."
time="2017-02-01T15:48:10.509859600-08:00" level=info msg="Daemon has completed initialization"
time="2017-02-01T15:48:10.509859600-08:00" level=info msg="Docker daemon" commit=3c64061 graphdriver=windowsfilter version=1.14.0-dev
First with no explicit isolation:
PS E:\docker\build\unifyworkdir> docker build --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> 7e0f41d08204
Removing intermediate container 236c7802042a
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in 8ea5237183c1
 ---> 394b70435261
Removing intermediate container 8ea5237183c1
Step 4/5 : ADD go.exe .
 ---> e47401a1745c
Removing intermediate container 88dcc28e74b1
Step 5/5 : RUN go --help
 ---> Running in efe90e1b6b8b
container efe90e1b6b8b76586abc5c1dc0e2797b75adc26517c48733d90651e767c8463b encountered an error during CreateProcess: failure in a Windows system call: The directory name is invalid. (0x10b) extra info: {"ApplicationName":"","CommandLine":"cmd /S /C go --help","User":"","WorkingDirectory":"C:\\installer","Environment":{"GOROOT":"c:\\installer"},"EmulateConsole":false,"CreateStdInPipe":true,"CreateStdOutPipe":true,"CreateStdErrPipe":true,"ConsoleSize":[0,0]}
PS E:\docker\build\unifyworkdir>
Then forcing process isolation:
PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> 350c955980c8
Removing intermediate container 8339c1e9250c
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in bde511c5e3e0
 ---> b8820063b5b6
Removing intermediate container bde511c5e3e0
Step 4/5 : ADD go.exe .
 ---> e4ac32f8902b
Removing intermediate container d586e8492eda
Step 5/5 : RUN go --help
 ---> Running in 9e1aa235af5f
Cannot mkdir: C:\installer is not a directory
PS E:\docker\build\unifyworkdir>
Now compare the same results after this PR. Again, first with no explicit isolation (defaulting to Hyper-V containers as that's what the daemon it set to) - note it now succeeds 😄
PS E:\docker\build\unifyworkdir> docker build --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> 4f319f301c69
Removing intermediate container 61b9c0b1ff6f
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in c464a1d612d8
 ---> 96a26ab9a7b5
Removing intermediate container c464a1d612d8
Step 4/5 : ADD go.exe .
 ---> 0290d61faf57
Removing intermediate container dc5a085fffe3
Step 5/5 : RUN go --help
 ---> Running in 60bd56042ff8
Go is a tool for managing Go source code.

Usage:

        go command [arguments]

The commands are:

        build       compile packages and dependencies
        clean       remove object files
        doc         show documentation for package or symbol
        env         print Go environment information
        fix         run go tool fix on packages
        fmt         run gofmt on package sources
        generate    generate Go files by processing source
        get         download and install packages and dependencies
        install     compile and install packages and dependencies
        list        list packages
        run         compile and run Go program
        test        test packages
        tool        run specified go tool
        version     print Go version
        vet         run go tool vet on packages

Use "go help [command]" for more information about a command.

Additional help topics:

        c           calling between Go and C
        buildmode   description of build modes
        filetype    file types
        gopath      GOPATH environment variable
        environment environment variables
        importpath  import path syntax
        packages    description of package lists
        testflag    description of testing flags
        testfunc    description of testing functions

Use "go help [topic]" for more information about that topic.

The command 'cmd /S /C go --help' returned a non-zero code: 2
And the same with forcing process isolation. Also works 😄
PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> f423b9cc3e78
Removing intermediate container 41330c88893d
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in 0b99a2d7bf19
 ---> e051144bf8ec
Removing intermediate container 0b99a2d7bf19
Step 4/5 : ADD go.exe .
 ---> 7072e32b7c37
Removing intermediate container a7a97aa37fd1
Step 5/5 : RUN go --help
 ---> Running in 7097438a54e5
Go is a tool for managing Go source code.

Usage:

        go command [arguments]

The commands are:

        build       compile packages and dependencies
        clean       remove object files
        doc         show documentation for package or symbol
        env         print Go environment information
        fix         run go tool fix on packages
        fmt         run gofmt on package sources
        generate    generate Go files by processing source
        get         download and install packages and dependencies
        install     compile and install packages and dependencies
        list        list packages
        run         compile and run Go program
        test        test packages
        tool        run specified go tool
        version     print Go version
        vet         run go tool vet on packages

Use "go help [command]" for more information about a command.

Additional help topics:

        c           calling between Go and C
        buildmode   description of build modes
        filetype    file types
        gopath      GOPATH environment variable
        environment environment variables
        importpath  import path syntax
        packages    description of package lists
        testflag    description of testing flags
        testfunc    description of testing functions

Use "go help [topic]" for more information about that topic.

The command 'cmd /S /C go --help' returned a non-zero code: 2
PS E:\docker\build\unifyworkdir>
2017-02-02 11:25:07 -08:00
John Howard ffbe4b6ff1 Windows: Test for run as local system
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-02-01 18:37:44 -08:00
Vincent Demeester 27f90acd61 Merge pull request #22563 from mlaventure/cgroup-devices
Allow adding rules to cgroup devices.allow on container create/run
2017-02-01 16:29:34 +01:00
Vincent Demeester ecbb0e62f6 Remove most of the runCommandWithOutput from integration tests
There is 5 calls left, that use StdinPipe that is not yet supported by
icmd.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-30 10:54:06 +01:00
Kenfe-Mickael Laventure 1756af6faf Allow adding rules to cgroup devices.allow on container create/run
This introduce a new `--device-cgroup-rule` flag that allow a user to
add one or more entry to the container cgroup device `devices.allow`

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-01-26 07:20:45 -08:00
Aaron Lehmann e9c0de0de6 Merge pull request #30043 from dmcgowan/distribution-reference-update-1
Distribution reference update
2017-01-24 20:38:20 -08:00
Sebastiaan van Stijn ba0afd70e8 fix some ineffectual assignments
to make goreportcard a bit happier
https://goreportcard.com/report/github.com/docker/docker

also found that `TestCpToErrDstParentNotExists()` was
partially broken, because a `runDockerCp()` was inadvertently
removed in f26a31e80c

`TestDaemonRestartSaveContainerExitCode()` didn't verify
the actual _Error_ message, so added that to the test,
and updated the test to take into account that the
"experimental" CI enables `--init` on containers.

`TestVolumeCLICreateOptionConflict()` only checked
for an error to occur, but didn't validate if the
error was due to conflicting options.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-01-24 11:16:19 +01:00
Derek McGowan 0421f5173d
Remove use of forked reference package for cli
Use resolving to repo info as the split point between the
legitimate reference package and forked reference package.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-01-19 16:04:50 -08:00
Vincent Demeester c10f6ef43f
Clean more build utils in integration cli
- Remove deprecated buildImage* functions
- Rename buildImageNew to buildImage
- Use *check.C in fakeContext* setup and in getIdByName

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-17 15:42:38 +01:00
Vincent Demeester 4fdfcb36cd Merge pull request #30138 from vdemeester/integration-use-testenv
[test-integration] Use testEnv methods and remove most of the global variables
2017-01-17 14:31:49 +01:00
Vincent Demeester c8016e669f
Use testEnv methods and remove most of the global variables
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-17 12:39:08 +01:00
Sebastiaan van Stijn 950792dc6d add integration test for FQDN hostname
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-01-17 11:01:59 +01:00
Vincent Demeester 9af5d7c340
Small cleanups on integration cli
- Join a few tests in one when it makes sense (reduce the number of
  container run and thus the overall time of the suites)
- Remove some duplication on several tests
- Remove some unused methods

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-12 16:57:59 +01:00
Tonis Tiigi 1e98fb5ad9 Fix leaked connections in integration tests
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-01-11 14:48:48 -08:00
Vincent Demeester 303b1d200a
Update trustedCmd to be compatible with testutil/cmd
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-09 11:07:05 +01:00
Vincent Demeester 87e3fcfe1e
Clean some runCommandWithOutput accross integration-cli code
There is still ways to go

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-05 17:44:31 +01:00
Vincent Demeester de709ebfd8 Merge pull request #29827 from vdemeester/integration-fixes-for-userns
Updates some integration tests to fix userns builds
2017-01-03 11:47:39 +01:00
Vincent Demeester 636d6ee57c
Do not fail in `TearDown` if container not found when removing
If the container is not found when removing, it means it's already not
there anymore, so it's safe to ignore. This should reduce a bit some
`TearDown` flakyness..

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-02 22:14:24 +01:00
Vincent Demeester bc19388fb2
Updates some integration tests to fix userns builds
- `TestRunMountReadOnlyDevShm` and `TestRunHostnameInHostMode` needs
  `NotUserNamespace` requirement as these are known limitation of
  userns.
- `TestBuildWorkdirCmd` should use a preload image (`busybox`) instead
  of one that require network access.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-02 19:13:26 +01:00
Vincent Demeester 33968e6c7d
Remove pkg/integration and move it to testutil or integration-cli
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-30 18:26:34 +01:00
Vincent Demeester def13fa23c
Clean integration-cli/utils.go from most of its content
Most of the code is now on pkg/integration.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-28 19:05:48 +01:00