toolshed/docker-cli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35,714 Commits 3 Branches 295 Tags
ea7e1c4aaaaf7d2c187f4c4dd4b1139cf00aec94
Commit Graph

7 Commits

Author SHA1 Message Date
Salahuddin Khan
7414934b6c Add ADD/COPY --chown flag support to Windows 
This implements chown support on Windows. Built-in accounts as well
as accounts included in the SAM database of the container are supported.

NOTE: IDPair is now named Identity and IDMappings is now named
IdentityMapping.

The following are valid examples:
ADD --chown=Guest . <some directory>
COPY --chown=Administrator . <some directory>
COPY --chown=Guests . <some directory>
COPY --chown=ContainerUser . <some directory>

On Windows an owner is only granted the permission to read the security
descriptor and read/write the discretionary access control list. This
fix also grants read/write and execute permissions to the owner.

Signed-off-by: Salahuddin Khan <salah@docker.com>
Upstream-commit: 763d8392612942ff5c32a35f8bdafd7ae93d3321
Component: engine
 2018-08-13 21:59:11 -07:00
Vincent Demeester
4cadaa03f8 Update tests to use gotest.tools 👼 
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 38457285242e57306c5b7ee652c7ccbb9fbd6713
Component: engine
 2018-06-13 09:04:30 +02:00
Kir Kolyshkin
53eaee8346 daemon.getSourceMount(): fix for / mount point 
A recent optimization in getSourceMount() made it return an error
in case when the found mount point is "/". This prevented bind-mounted
volumes from working in such cases.

A (rather trivial but adeqate) unit test case is added.

Fixes: 871c957242 ("getSourceMount(): simplify")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: d8fd6137a1f6d95a2bcdfeb6e1dfa6b816790c5e
Component: engine
 2018-05-10 12:53:37 -07:00
Daniel Nephin
60daf5fa97 Automated migration using 
gty-migrate-from-testify --ignore-build-tags

Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 6be0f709830113966f295401327b027ec2f0bbca
Component: engine
 2018-03-16 11:03:43 -04:00
Kir Kolyshkin
d36dd1e792 daemon/oci_linux_test: add TestIpcPrivateVsReadonly 
The test case checks that in case of IpcMode: private and
ReadonlyRootfs: true (as in "docker run --ipc private --read-only")
the resulting /dev/shm mount is NOT made read-only.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 33dd562e3acff71ee18a2543d14fcbecf9bf0e62
Component: engine
 2018-03-08 14:04:03 -08:00
Daniel Nephin
be83c11fb0 Add canonical import comment 
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 4f0d95fa6ee7f865597c03b9e63702cdcb0f7067
Component: engine
 2018-02-05 16:51:57 -05:00
Kir Kolyshkin
6e7cb1931d Fix "duplicate mount point" when --tmpfs /dev/shm is used 
This is a fix to the following issue:

$ docker run --tmpfs /dev/shm busybox sh
docker: Error response from daemon: linux mounts: Duplicate mount point '/dev/shm'.

In current code (daemon.createSpec()), tmpfs mount from --tmpfs is added
to list of mounts (`ms`), when the mount from IpcMounts() is added.
While IpcMounts() is checking for existing mounts first, it does that
by using container.HasMountFor() function which only checks container.Mounts
but not container.Tmpfs.

Ultimately, the solution is to get rid of container.Tmpfs (moving its
data to container.Mounts). Current workaround is to add checking
of container.Tmpfs into container.HasMountFor().

A unit test case is included.

Unfortunately we can't call daemon.createSpec() from a unit test,
as the code relies a lot on various daemon structures to be initialized
properly, and it is hard to achieve. Therefore, we minimally mimick
the code flow of daemon.createSpec() -- barely enough to reproduce
the issue.

https://github.com/moby/moby/issues/35455

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 1861abdc4a31efad202a5c3d89a895bb7a62799a
Component: engine
 2017-11-20 18:48:27 -08:00