docker-tools: add a test for permissions issues with AUFS/overlay

docker# [   11.054736] d24d6cdd57c9[763]: /bin/bash: error while loading
shared libraries: libreadline.so.7: cannot open shared object file:
Permission denied
docker# /bin/bash: error while loading shared libraries:
libreadline.so.7: cannot open shared object file: Permission denied
docker: exit status 127
docker: output:
error: command `docker run --rm -u 1000:1000 bash /bin/bash --version'
did not succeed (exit code 127)
command `docker run --rm -u 1000:1000 bash /bin/bash --version' did not
succeed (exit code 127)
This commit is contained in:
Daiderd Jordan 2018-04-14 13:41:23 +02:00
parent 2a09342395
commit d538fc06e2
No known key found for this signature in database
GPG key ID: D02435D05B810C96
3 changed files with 36 additions and 3 deletions

View file

@ -266,6 +266,7 @@ in rec {
tests.couchdb = callTest tests/couchdb.nix {};
tests.docker = callTestOnMatchingSystems ["x86_64-linux"] tests/docker.nix {};
tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {};
tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {};
tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {};
tests.dovecot = callTest tests/dovecot.nix {};
tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {};

View file

@ -0,0 +1,32 @@
# this test creates a simple GNU image with docker tools and sees if it executes
import ./make-test.nix ({ pkgs, ... }:
{
name = "docker-tools-overlay";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lnl7 ];
};
nodes = {
docker =
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.docker.storageDriver = "overlay"; # defaults to overlay2
};
};
testScript =
''
$docker->waitForUnit("sockets.target");
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
# Check if the nix store has correct user permissions depending on what
# storage driver is used, incorrectly built images can show up as readonly.
# drw------- 3 0 0 3 Apr 14 11:36 /nix
# drw------- 99 0 0 100 Apr 14 11:36 /nix/store
$docker->succeed("docker run --rm -u 1000:1000 ${pkgs.dockerTools.examples.bash.imageName} bash --version");
'';
})

View file

@ -3,7 +3,7 @@
import ./make-test.nix ({ pkgs, ... }: {
name = "docker-tools";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ];
maintainers = [ lnl7 ];
};
nodes = {
@ -21,12 +21,12 @@ import ./make-test.nix ({ pkgs, ... }: {
$docker->waitForUnit("sockets.target");
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} /bin/bash --version");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}");
# Check if the nix store is correctly initialized by listing dependencies of the installed Nix binary
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nix}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} /bin/nix-store -qR ${pkgs.nix}");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} nix-store -qR ${pkgs.nix}");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.nix.imageName}");
# To test the pullImage tool