hughesjr / rpms / docker

Forked from rpms/docker 4 years ago
Clone

Blame SOURCES/libcontainer.patch

311a84
From 60cabaf0b8591b8e2bf6644114d8846adaf3239b Mon Sep 17 00:00:00 2001
311a84
From: Mrunal Patel <mrunalp@gmail.com>
311a84
Date: Fri, 9 Oct 2015 17:48:51 -0400
311a84
Subject: [PATCH] Pick latest changes to libcontainer/user package
311a84
311a84
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
311a84
---
311a84
 .../opencontainers/runc/libcontainer/user/user.go  |  39 +-
311a84
 .../runc/libcontainer/user/user_test.go            | 472 +++++++++++++++++++++
311a84
 2 files changed, 494 insertions(+), 17 deletions(-)
311a84
 create mode 100644 vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go
311a84
311a84
diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go
311a84
index 964e31b..e6375ea 100644
311a84
--- a/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go
311a84
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go
311a84
@@ -349,21 +349,26 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) (
311a84
 	return user, nil
311a84
 }
311a84
 
311a84
-// GetAdditionalGroups looks up a list of groups by name or group id against
311a84
-// against the given /etc/group formatted data. If a group name cannot be found,
311a84
-// an error will be returned. If a group id cannot be found, it will be returned
311a84
-// as-is.
311a84
+// GetAdditionalGroups looks up a list of groups by name or group id
311a84
+// against the given /etc/group formatted data. If a group name cannot
311a84
+// be found, an error will be returned. If a group id cannot be found,
311a84
+// or the given group data is nil, the id will be returned as-is
311a84
+// provided it is in the legal range.
311a84
 func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, error) {
311a84
-	groups, err := ParseGroupFilter(group, func(g Group) bool {
311a84
-		for _, ag := range additionalGroups {
311a84
-			if g.Name == ag || strconv.Itoa(g.Gid) == ag {
311a84
-				return true
311a84
+	var groups = []Group{}
311a84
+	if group != nil {
311a84
+		var err error
311a84
+		groups, err = ParseGroupFilter(group, func(g Group) bool {
311a84
+			for _, ag := range additionalGroups {
311a84
+				if g.Name == ag || strconv.Itoa(g.Gid) == ag {
311a84
+					return true
311a84
+				}
311a84
 			}
311a84
+			return false
311a84
+		})
311a84
+		if err != nil {
311a84
+			return nil, fmt.Errorf("Unable to find additional groups %v: %v", additionalGroups, err)
311a84
 		}
311a84
-		return false
311a84
-	})
311a84
-	if err != nil {
311a84
-		return nil, fmt.Errorf("Unable to find additional groups %v: %v", additionalGroups, err)
311a84
 	}
311a84
 
311a84
 	gidMap := make(map[int]struct{})
311a84
@@ -401,13 +406,13 @@ func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, err
311a84
 	return gids, nil
311a84
 }
311a84
 
311a84
-// Wrapper around GetAdditionalGroups that opens the groupPath given and gives
311a84
-// it as an argument to GetAdditionalGroups.
311a84
+// GetAdditionalGroupsPath is a wrapper around GetAdditionalGroups
311a84
+// that opens the groupPath given and gives it as an argument to
311a84
+// GetAdditionalGroups.
311a84
 func GetAdditionalGroupsPath(additionalGroups []string, groupPath string) ([]int, error) {
311a84
 	group, err := os.Open(groupPath)
311a84
-	if err != nil {
311a84
-		return nil, fmt.Errorf("Failed to open group file: %v", err)
311a84
+	if err == nil {
311a84
+		defer group.Close()
311a84
 	}
311a84
-	defer group.Close()
311a84
 	return GetAdditionalGroups(additionalGroups, group)
311a84
 }
311a84
diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go
311a84
new file mode 100644
311a84
index 0000000..53b2289
311a84
--- /dev/null
311a84
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go
311a84
@@ -0,0 +1,472 @@
311a84
+package user
311a84
+
311a84
+import (
311a84
+	"io"
311a84
+	"reflect"
311a84
+	"sort"
311a84
+	"strconv"
311a84
+	"strings"
311a84
+	"testing"
311a84
+)
311a84
+
311a84
+func TestUserParseLine(t *testing.T) {
311a84
+	var (
311a84
+		a, b string
311a84
+		c    []string
311a84
+		d    int
311a84
+	)
311a84
+
311a84
+	parseLine("", &a, &b)
311a84
+	if a != "" || b != "" {
311a84
+		t.Fatalf("a and b should be empty ('%v', '%v')", a, b)
311a84
+	}
311a84
+
311a84
+	parseLine("a", &a, &b)
311a84
+	if a != "a" || b != "" {
311a84
+		t.Fatalf("a should be 'a' and b should be empty ('%v', '%v')", a, b)
311a84
+	}
311a84
+
311a84
+	parseLine("bad boys:corny cows", &a, &b)
311a84
+	if a != "bad boys" || b != "corny cows" {
311a84
+		t.Fatalf("a should be 'bad boys' and b should be 'corny cows' ('%v', '%v')", a, b)
311a84
+	}
311a84
+
311a84
+	parseLine("", &c)
311a84
+	if len(c) != 0 {
311a84
+		t.Fatalf("c should be empty (%#v)", c)
311a84
+	}
311a84
+
311a84
+	parseLine("d,e,f:g:h:i,j,k", &c, &a, &b, &c)
311a84
+	if a != "g" || b != "h" || len(c) != 3 || c[0] != "i" || c[1] != "j" || c[2] != "k" {
311a84
+		t.Fatalf("a should be 'g', b should be 'h', and c should be ['i','j','k'] ('%v', '%v', '%#v')", a, b, c)
311a84
+	}
311a84
+
311a84
+	parseLine("::::::::::", &a, &b, &c)
311a84
+	if a != "" || b != "" || len(c) != 0 {
311a84
+		t.Fatalf("a, b, and c should all be empty ('%v', '%v', '%#v')", a, b, c)
311a84
+	}
311a84
+
311a84
+	parseLine("not a number", &d)
311a84
+	if d != 0 {
311a84
+		t.Fatalf("d should be 0 (%v)", d)
311a84
+	}
311a84
+
311a84
+	parseLine("b:12:c", &a, &d, &b)
311a84
+	if a != "b" || b != "c" || d != 12 {
311a84
+		t.Fatalf("a should be 'b' and b should be 'c', and d should be 12 ('%v', '%v', %v)", a, b, d)
311a84
+	}
311a84
+}
311a84
+
311a84
+func TestUserParsePasswd(t *testing.T) {
311a84
+	users, err := ParsePasswdFilter(strings.NewReader(`
311a84
+root:x:0:0:root:/root:/bin/bash
311a84
+adm:x:3:4:adm:/var/adm:/bin/false
311a84
+this is just some garbage data
311a84
+`), nil)
311a84
+	if err != nil {
311a84
+		t.Fatalf("Unexpected error: %v", err)
311a84
+	}
311a84
+	if len(users) != 3 {
311a84
+		t.Fatalf("Expected 3 users, got %v", len(users))
311a84
+	}
311a84
+	if users[0].Uid != 0 || users[0].Name != "root" {
311a84
+		t.Fatalf("Expected users[0] to be 0 - root, got %v - %v", users[0].Uid, users[0].Name)
311a84
+	}
311a84
+	if users[1].Uid != 3 || users[1].Name != "adm" {
311a84
+		t.Fatalf("Expected users[1] to be 3 - adm, got %v - %v", users[1].Uid, users[1].Name)
311a84
+	}
311a84
+}
311a84
+
311a84
+func TestUserParseGroup(t *testing.T) {
311a84
+	groups, err := ParseGroupFilter(strings.NewReader(`
311a84
+root:x:0:root
311a84
+adm:x:4:root,adm,daemon
311a84
+this is just some garbage data
311a84
+`), nil)
311a84
+	if err != nil {
311a84
+		t.Fatalf("Unexpected error: %v", err)
311a84
+	}
311a84
+	if len(groups) != 3 {
311a84
+		t.Fatalf("Expected 3 groups, got %v", len(groups))
311a84
+	}
311a84
+	if groups[0].Gid != 0 || groups[0].Name != "root" || len(groups[0].List) != 1 {
311a84
+		t.Fatalf("Expected groups[0] to be 0 - root - 1 member, got %v - %v - %v", groups[0].Gid, groups[0].Name, len(groups[0].List))
311a84
+	}
311a84
+	if groups[1].Gid != 4 || groups[1].Name != "adm" || len(groups[1].List) != 3 {
311a84
+		t.Fatalf("Expected groups[1] to be 4 - adm - 3 members, got %v - %v - %v", groups[1].Gid, groups[1].Name, len(groups[1].List))
311a84
+	}
311a84
+}
311a84
+
311a84
+func TestValidGetExecUser(t *testing.T) {
311a84
+	const passwdContent = `
311a84
+root:x:0:0:root user:/root:/bin/bash
311a84
+adm:x:42:43:adm:/var/adm:/bin/false
311a84
+this is just some garbage data
311a84
+`
311a84
+	const groupContent = `
311a84
+root:x:0:root
311a84
+adm:x:43:
311a84
+grp:x:1234:root,adm
311a84
+this is just some garbage data
311a84
+`
311a84
+	defaultExecUser := ExecUser{
311a84
+		Uid:   8888,
311a84
+		Gid:   8888,
311a84
+		Sgids: []int{8888},
311a84
+		Home:  "/8888",
311a84
+	}
311a84
+
311a84
+	tests := []struct {
311a84
+		ref      string
311a84
+		expected ExecUser
311a84
+	}{
311a84
+		{
311a84
+			ref: "root",
311a84
+			expected: ExecUser{
311a84
+				Uid:   0,
311a84
+				Gid:   0,
311a84
+				Sgids: []int{0, 1234},
311a84
+				Home:  "/root",
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref: "adm",
311a84
+			expected: ExecUser{
311a84
+				Uid:   42,
311a84
+				Gid:   43,
311a84
+				Sgids: []int{1234},
311a84
+				Home:  "/var/adm",
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref: "root:adm",
311a84
+			expected: ExecUser{
311a84
+				Uid:   0,
311a84
+				Gid:   43,
311a84
+				Sgids: defaultExecUser.Sgids,
311a84
+				Home:  "/root",
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref: "adm:1234",
311a84
+			expected: ExecUser{
311a84
+				Uid:   42,
311a84
+				Gid:   1234,
311a84
+				Sgids: defaultExecUser.Sgids,
311a84
+				Home:  "/var/adm",
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref: "42:1234",
311a84
+			expected: ExecUser{
311a84
+				Uid:   42,
311a84
+				Gid:   1234,
311a84
+				Sgids: defaultExecUser.Sgids,
311a84
+				Home:  "/var/adm",
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref: "1337:1234",
311a84
+			expected: ExecUser{
311a84
+				Uid:   1337,
311a84
+				Gid:   1234,
311a84
+				Sgids: defaultExecUser.Sgids,
311a84
+				Home:  defaultExecUser.Home,
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref: "1337",
311a84
+			expected: ExecUser{
311a84
+				Uid:   1337,
311a84
+				Gid:   defaultExecUser.Gid,
311a84
+				Sgids: defaultExecUser.Sgids,
311a84
+				Home:  defaultExecUser.Home,
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref: "",
311a84
+			expected: ExecUser{
311a84
+				Uid:   defaultExecUser.Uid,
311a84
+				Gid:   defaultExecUser.Gid,
311a84
+				Sgids: defaultExecUser.Sgids,
311a84
+				Home:  defaultExecUser.Home,
311a84
+			},
311a84
+		},
311a84
+	}
311a84
+
311a84
+	for _, test := range tests {
311a84
+		passwd := strings.NewReader(passwdContent)
311a84
+		group := strings.NewReader(groupContent)
311a84
+
311a84
+		execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group)
311a84
+		if err != nil {
311a84
+			t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error())
311a84
+			t.Fail()
311a84
+			continue
311a84
+		}
311a84
+
311a84
+		if !reflect.DeepEqual(test.expected, *execUser) {
311a84
+			t.Logf("got:      %#v", execUser)
311a84
+			t.Logf("expected: %#v", test.expected)
311a84
+			t.Fail()
311a84
+			continue
311a84
+		}
311a84
+	}
311a84
+}
311a84
+
311a84
+func TestInvalidGetExecUser(t *testing.T) {
311a84
+	const passwdContent = `
311a84
+root:x:0:0:root user:/root:/bin/bash
311a84
+adm:x:42:43:adm:/var/adm:/bin/false
311a84
+this is just some garbage data
311a84
+`
311a84
+	const groupContent = `
311a84
+root:x:0:root
311a84
+adm:x:43:
311a84
+grp:x:1234:root,adm
311a84
+this is just some garbage data
311a84
+`
311a84
+
311a84
+	tests := []string{
311a84
+		// No such user/group.
311a84
+		"notuser",
311a84
+		"notuser:notgroup",
311a84
+		"root:notgroup",
311a84
+		"notuser:adm",
311a84
+		"8888:notgroup",
311a84
+		"notuser:8888",
311a84
+
311a84
+		// Invalid user/group values.
311a84
+		"-1:0",
311a84
+		"0:-3",
311a84
+		"-5:-2",
311a84
+	}
311a84
+
311a84
+	for _, test := range tests {
311a84
+		passwd := strings.NewReader(passwdContent)
311a84
+		group := strings.NewReader(groupContent)
311a84
+
311a84
+		execUser, err := GetExecUser(test, nil, passwd, group)
311a84
+		if err == nil {
311a84
+			t.Logf("got unexpected success when parsing '%s': %#v", test, execUser)
311a84
+			t.Fail()
311a84
+			continue
311a84
+		}
311a84
+	}
311a84
+}
311a84
+
311a84
+func TestGetExecUserNilSources(t *testing.T) {
311a84
+	const passwdContent = `
311a84
+root:x:0:0:root user:/root:/bin/bash
311a84
+adm:x:42:43:adm:/var/adm:/bin/false
311a84
+this is just some garbage data
311a84
+`
311a84
+	const groupContent = `
311a84
+root:x:0:root
311a84
+adm:x:43:
311a84
+grp:x:1234:root,adm
311a84
+this is just some garbage data
311a84
+`
311a84
+
311a84
+	defaultExecUser := ExecUser{
311a84
+		Uid:   8888,
311a84
+		Gid:   8888,
311a84
+		Sgids: []int{8888},
311a84
+		Home:  "/8888",
311a84
+	}
311a84
+
311a84
+	tests := []struct {
311a84
+		ref           string
311a84
+		passwd, group bool
311a84
+		expected      ExecUser
311a84
+	}{
311a84
+		{
311a84
+			ref:    "",
311a84
+			passwd: false,
311a84
+			group:  false,
311a84
+			expected: ExecUser{
311a84
+				Uid:   8888,
311a84
+				Gid:   8888,
311a84
+				Sgids: []int{8888},
311a84
+				Home:  "/8888",
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref:    "root",
311a84
+			passwd: true,
311a84
+			group:  false,
311a84
+			expected: ExecUser{
311a84
+				Uid:   0,
311a84
+				Gid:   0,
311a84
+				Sgids: []int{8888},
311a84
+				Home:  "/root",
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref:    "0",
311a84
+			passwd: false,
311a84
+			group:  false,
311a84
+			expected: ExecUser{
311a84
+				Uid:   0,
311a84
+				Gid:   8888,
311a84
+				Sgids: []int{8888},
311a84
+				Home:  "/8888",
311a84
+			},
311a84
+		},
311a84
+		{
311a84
+			ref:    "0:0",
311a84
+			passwd: false,
311a84
+			group:  false,
311a84
+			expected: ExecUser{
311a84
+				Uid:   0,
311a84
+				Gid:   0,
311a84
+				Sgids: []int{8888},
311a84
+				Home:  "/8888",
311a84
+			},
311a84
+		},
311a84
+	}
311a84
+
311a84
+	for _, test := range tests {
311a84
+		var passwd, group io.Reader
311a84
+
311a84
+		if test.passwd {
311a84
+			passwd = strings.NewReader(passwdContent)
311a84
+		}
311a84
+
311a84
+		if test.group {
311a84
+			group = strings.NewReader(groupContent)
311a84
+		}
311a84
+
311a84
+		execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group)
311a84
+		if err != nil {
311a84
+			t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error())
311a84
+			t.Fail()
311a84
+			continue
311a84
+		}
311a84
+
311a84
+		if !reflect.DeepEqual(test.expected, *execUser) {
311a84
+			t.Logf("got:      %#v", execUser)
311a84
+			t.Logf("expected: %#v", test.expected)
311a84
+			t.Fail()
311a84
+			continue
311a84
+		}
311a84
+	}
311a84
+}
311a84
+
311a84
+func TestGetAdditionalGroups(t *testing.T) {
311a84
+	const groupContent = `
311a84
+root:x:0:root
311a84
+adm:x:43:
311a84
+grp:x:1234:root,adm
311a84
+adm:x:4343:root,adm-duplicate
311a84
+this is just some garbage data
311a84
+`
311a84
+	tests := []struct {
311a84
+		groups   []string
311a84
+		expected []int
311a84
+		hasError bool
311a84
+	}{
311a84
+		{
311a84
+			// empty group
311a84
+			groups:   []string{},
311a84
+			expected: []int{},
311a84
+		},
311a84
+		{
311a84
+			// single group
311a84
+			groups:   []string{"adm"},
311a84
+			expected: []int{43},
311a84
+		},
311a84
+		{
311a84
+			// multiple groups
311a84
+			groups:   []string{"adm", "grp"},
311a84
+			expected: []int{43, 1234},
311a84
+		},
311a84
+		{
311a84
+			// invalid group
311a84
+			groups:   []string{"adm", "grp", "not-exist"},
311a84
+			expected: nil,
311a84
+			hasError: true,
311a84
+		},
311a84
+		{
311a84
+			// group with numeric id
311a84
+			groups:   []string{"43"},
311a84
+			expected: []int{43},
311a84
+		},
311a84
+		{
311a84
+			// group with unknown numeric id
311a84
+			groups:   []string{"adm", "10001"},
311a84
+			expected: []int{43, 10001},
311a84
+		},
311a84
+		{
311a84
+			// groups specified twice with numeric and name
311a84
+			groups:   []string{"adm", "43"},
311a84
+			expected: []int{43},
311a84
+		},
311a84
+		{
311a84
+			// groups with too small id
311a84
+			groups:   []string{"-1"},
311a84
+			expected: nil,
311a84
+			hasError: true,
311a84
+		},
311a84
+		{
311a84
+			// groups with too large id
311a84
+			groups:   []string{strconv.Itoa(1 << 31)},
311a84
+			expected: nil,
311a84
+			hasError: true,
311a84
+		},
311a84
+	}
311a84
+
311a84
+	for _, test := range tests {
311a84
+		group := strings.NewReader(groupContent)
311a84
+
311a84
+		gids, err := GetAdditionalGroups(test.groups, group)
311a84
+		if test.hasError && err == nil {
311a84
+			t.Errorf("Parse(%#v) expects error but has none", test)
311a84
+			continue
311a84
+		}
311a84
+		if !test.hasError && err != nil {
311a84
+			t.Errorf("Parse(%#v) has error %v", test, err)
311a84
+			continue
311a84
+		}
311a84
+		sort.Sort(sort.IntSlice(gids))
311a84
+		if !reflect.DeepEqual(gids, test.expected) {
311a84
+			t.Errorf("Gids(%v), expect %v from groups %v", gids, test.expected, test.groups)
311a84
+		}
311a84
+	}
311a84
+}
311a84
+
311a84
+func TestGetAdditionalGroupsNumeric(t *testing.T) {
311a84
+	tests := []struct {
311a84
+		groups   []string
311a84
+		expected []int
311a84
+		hasError bool
311a84
+	}{
311a84
+		{
311a84
+			// numeric groups only
311a84
+			groups:   []string{"1234", "5678"},
311a84
+			expected: []int{1234, 5678},
311a84
+		},
311a84
+		{
311a84
+			// numeric and alphabetic
311a84
+			groups:   []string{"1234", "fake"},
311a84
+			expected: nil,
311a84
+			hasError: true,
311a84
+		},
311a84
+	}
311a84
+
311a84
+	for _, test := range tests {
311a84
+		gids, err := GetAdditionalGroups(test.groups, nil)
311a84
+		if test.hasError && err == nil {
311a84
+			t.Errorf("Parse(%#v) expects error but has none", test)
311a84
+			continue
311a84
+		}
311a84
+		if !test.hasError && err != nil {
311a84
+			t.Errorf("Parse(%#v) has error %v", test, err)
311a84
+			continue
311a84
+		}
311a84
+		sort.Sort(sort.IntSlice(gids))
311a84
+		if !reflect.DeepEqual(gids, test.expected) {
311a84
+			t.Errorf("Gids(%v), expect %v from groups %v", gids, test.expected, test.groups)
311a84
+		}
311a84
+	}
311a84
+}