diff options
| author | Johan Thomsen <jth@dbc.dk> | 2020-07-30 17:18:41 +0200 |
|---|---|---|
| committer | Johan Thomsen <jth@dbc.dk> | 2020-07-31 10:14:07 +0200 |
| commit | f5db415e2f75f09048f98b96cee1a6e0d48c3a5d (patch) | |
| tree | fc6221ee98113dc1f81eed1adb3640e3f9cfb242 /nixos/tests/docker-tools.nix | |
| parent | 9f86685cc76991e983bf126a37e3f7f319247ba8 (diff) | |
| download | nixpkgs-f5db415e2f75f09048f98b96cee1a6e0d48c3a5d.tar nixpkgs-f5db415e2f75f09048f98b96cee1a6e0d48c3a5d.tar.gz nixpkgs-f5db415e2f75f09048f98b96cee1a6e0d48c3a5d.tar.bz2 nixpkgs-f5db415e2f75f09048f98b96cee1a6e0d48c3a5d.tar.lz nixpkgs-f5db415e2f75f09048f98b96cee1a6e0d48c3a5d.tar.xz nixpkgs-f5db415e2f75f09048f98b96cee1a6e0d48c3a5d.tar.zst nixpkgs-f5db415e2f75f09048f98b96cee1a6e0d48c3a5d.zip | |
nixos/tests/dockerTools: add test for running non-root containers with buildLayeredImage
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Diffstat (limited to 'nixos/tests/docker-tools.nix')
| -rw-r--r-- | nixos/tests/docker-tools.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 5ce67695de4..2543801ae8b 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -79,6 +79,16 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker rmi ${examples.nix.imageName}", ) + with subtest( + "Ensure (layered) nix store has correct permissions " + "and that the container starts when its process does not have uid 0" + ): + docker.succeed( + "docker load --input='${examples.bashLayeredWithUser}'", + "docker run -u somebody --rm ${examples.bashLayeredWithUser.imageName} ${pkgs.bash}/bin/bash -c 'test 555 == $(stat --format=%a /nix) && test 555 == $(stat --format=%a /nix/store)'", + "docker rmi ${examples.bashLayeredWithUser.imageName}", + ) + with subtest("The nix binary symlinks are intact"): docker.succeed( "docker load --input='${examples.nix}'", |