dockerTools: Add chown test
proot's --root-id "allows" chown only in the sense that it makes it
succeed vacuously, i.e. a no-op. This is undesired if the goal is to
actually create a layer with some files owned by different users.
Fortunately, fakeroot does allow persistence of emulated file owners,
and it is possible to combine fakeroot with proot, so replace proot
--root-id with fakeroot to do so.
This was fixed recently in d538fefb62
,
so this commit just adds a test.
This commit is contained in:
parent
8433938f9b
commit
84b5bcae26
@ -46,6 +46,18 @@ let
|
||||
echo 'runAsRoot has run.'
|
||||
'';
|
||||
};
|
||||
|
||||
chownTestImage =
|
||||
pkgs.dockerTools.streamLayeredImage {
|
||||
name = "chown-test";
|
||||
tag = "latest";
|
||||
enableFakechroot = true;
|
||||
fakeRootCommands = ''
|
||||
touch /testfile
|
||||
chown 12345:12345 /testfile
|
||||
'';
|
||||
config.Cmd = [ "${pkgs.coreutils}/bin/stat" "-c" "%u:%g" "/testfile" ];
|
||||
};
|
||||
in {
|
||||
name = "docker-tools";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
@ -550,5 +562,11 @@ in {
|
||||
"${examples.nix-shell-build-derivation} | docker load",
|
||||
"docker run --rm -it nix-shell-build-derivation"
|
||||
)
|
||||
|
||||
with subtest("streamLayeredImage: chown is persistent in fakeRootCommands"):
|
||||
docker.succeed(
|
||||
"${chownTestImage} | docker load",
|
||||
"docker run --rm ${chownTestImage.imageName} | diff /dev/stdin <(echo 12345:12345)"
|
||||
)
|
||||
'';
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user