vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity
pkg/libcontainer/container_test.go
Timothy Hobbs 193f9894c0 Refactor device handling code 
We now have one place that keeps track of (most) devices that are allowed and created within the container.  That place is pkg/libcontainer/devices/devices.go

This fixes several inconsistencies between which devices were created in the lxc backend and the native backend.  It also fixes inconsistencies between wich devices were created and which were allowed.  For example, /dev/full was being created but it was not allowed within the cgroup.  It also declares the file modes and permissions of the default devices, rather than copying them from the host.  This is in line with docker's philosphy of not being host dependent.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
2014-05-30 19:21:29 +00:00

64 lines
1.3 KiB
Go
Raw Blame History

package libcontainer
import (
"encoding/json"
"os"
"testing"
)
// Checks whether the expected capability is specified in the capabilities.
func contains(expected string, values []string) bool {
for _, v := range values {
if v == expected {
return true
}
}
return false
}
func TestContainerJsonFormat(t *testing.T) {
f, err := os.Open("container.json")
if err != nil {
t.Fatal("Unable to open container.json")
}
defer f.Close()
var container *Container
if err := json.NewDecoder(f).Decode(&container); err != nil {
t.Fatalf("failed to decode container config: %s", err)
}
if container.Hostname != "koye" {
t.Log("hostname is not set")
t.Fail()
}
if !container.Tty {
t.Log("tty should be set to true")
t.Fail()
}
if !container.Namespaces["NEWNET"] {
t.Log("namespaces should contain NEWNET")
t.Fail()
}
if container.Namespaces["NEWUSER"] {
t.Log("namespaces should not contain NEWUSER")
t.Fail()
}
if contains("SYS_ADMIN", container.Capabilities) {
t.Log("SYS_ADMIN should not be enabled in capabilities mask")
t.Fail()
}
if !contains("MKNOD", container.Capabilities) {
t.Log("MKNOD should be enabled in capabilities mask")
t.Fail()
}
if contains("SYS_CHROOT", container.Capabilities) {
t.Log("capabilities mask should not contain SYS_CHROOT")
t.Fail()
}
}
View git blame Copy permalink