diff options
author | Daiderd Jordan <daiderd@gmail.com> | 2018-04-14 13:41:23 +0200 |
---|---|---|
committer | Daiderd Jordan <daiderd@gmail.com> | 2018-04-14 14:11:14 +0200 |
commit | d538fc06e2be5a0e02d8c84b88442c44bb726bb6 (patch) | |
tree | 0255be9098696c003e80f42bc528687deca59c03 | |
parent | 2a0934239599f3127d1dbf9f063b3906a8e9ef6f (diff) | |
download | nixpkgs-d538fc06e2be5a0e02d8c84b88442c44bb726bb6.tar nixpkgs-d538fc06e2be5a0e02d8c84b88442c44bb726bb6.tar.gz nixpkgs-d538fc06e2be5a0e02d8c84b88442c44bb726bb6.tar.bz2 nixpkgs-d538fc06e2be5a0e02d8c84b88442c44bb726bb6.tar.lz nixpkgs-d538fc06e2be5a0e02d8c84b88442c44bb726bb6.tar.xz nixpkgs-d538fc06e2be5a0e02d8c84b88442c44bb726bb6.tar.zst nixpkgs-d538fc06e2be5a0e02d8c84b88442c44bb726bb6.zip |
docker-tools: add a test for permissions issues with AUFS/overlay
docker# [ 11.054736] d24d6cdd57c9[763]: /bin/bash: error while loading shared libraries: libreadline.so.7: cannot open shared object file: Permission denied docker# /bin/bash: error while loading shared libraries: libreadline.so.7: cannot open shared object file: Permission denied docker: exit status 127 docker: output: error: command `docker run --rm -u 1000:1000 bash /bin/bash --version' did not succeed (exit code 127) command `docker run --rm -u 1000:1000 bash /bin/bash --version' did not succeed (exit code 127)
-rw-r--r-- | nixos/release.nix | 1 | ||||
-rw-r--r-- | nixos/tests/docker-tools-overlay.nix | 32 | ||||
-rw-r--r-- | nixos/tests/docker-tools.nix | 6 |
3 files changed, 36 insertions, 3 deletions
diff --git a/nixos/release.nix b/nixos/release.nix index 4fd77e6471c..43c641f32c4 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -266,6 +266,7 @@ in rec { tests.couchdb = callTest tests/couchdb.nix {}; tests.docker = callTestOnMatchingSystems ["x86_64-linux"] tests/docker.nix {}; tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {}; + tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {}; tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {}; tests.dovecot = callTest tests/dovecot.nix {}; tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {}; diff --git a/nixos/tests/docker-tools-overlay.nix b/nixos/tests/docker-tools-overlay.nix new file mode 100644 index 00000000000..9d7fa3e7a8c --- /dev/null +++ b/nixos/tests/docker-tools-overlay.nix @@ -0,0 +1,32 @@ +# this test creates a simple GNU image with docker tools and sees if it executes + +import ./make-test.nix ({ pkgs, ... }: +{ + name = "docker-tools-overlay"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ lnl7 ]; + }; + + nodes = { + docker = + { config, pkgs, ... }: + { + virtualisation.docker.enable = true; + virtualisation.docker.storageDriver = "overlay"; # defaults to overlay2 + }; + }; + + testScript = + '' + $docker->waitForUnit("sockets.target"); + + $docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'"); + $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version"); + + # Check if the nix store has correct user permissions depending on what + # storage driver is used, incorrectly built images can show up as readonly. + # drw------- 3 0 0 3 Apr 14 11:36 /nix + # drw------- 99 0 0 100 Apr 14 11:36 /nix/store + $docker->succeed("docker run --rm -u 1000:1000 ${pkgs.dockerTools.examples.bash.imageName} bash --version"); + ''; +}) diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 9135bca0f4f..4466081d01e 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -3,7 +3,7 @@ import ./make-test.nix ({ pkgs, ... }: { name = "docker-tools"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ ]; + maintainers = [ lnl7 ]; }; nodes = { @@ -21,12 +21,12 @@ import ./make-test.nix ({ pkgs, ... }: { $docker->waitForUnit("sockets.target"); $docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'"); - $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} /bin/bash --version"); + $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version"); $docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}"); # Check if the nix store is correctly initialized by listing dependencies of the installed Nix binary $docker->succeed("docker load --input='${pkgs.dockerTools.examples.nix}'"); - $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} /bin/nix-store -qR ${pkgs.nix}"); + $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} nix-store -qR ${pkgs.nix}"); $docker->succeed("docker rmi ${pkgs.dockerTools.examples.nix.imageName}"); # To test the pullImage tool |