(t *testing.T, uidmaps, gidmaps []specs.LinuxIDMapping, cmdOpt oci.SpecOpts, readonlyRootFS bool, expected uint32)
| 1173 | } |
| 1174 | |
| 1175 | func testUserNamespaces(t *testing.T, uidmaps, gidmaps []specs.LinuxIDMapping, cmdOpt oci.SpecOpts, readonlyRootFS bool, expected uint32) { |
| 1176 | checkUserNS(t) |
| 1177 | |
| 1178 | client, err := newClient(t, address) |
| 1179 | if err != nil { |
| 1180 | t.Fatal(err) |
| 1181 | } |
| 1182 | defer client.Close() |
| 1183 | |
| 1184 | var ( |
| 1185 | image Image |
| 1186 | ctx, cancel = testContext(t) |
| 1187 | id = strings.Replace(t.Name(), "/", "-", -1) |
| 1188 | ) |
| 1189 | defer cancel() |
| 1190 | |
| 1191 | image, err = client.Pull(ctx, testUserNSImage, WithPullUnpack) |
| 1192 | if err != nil { |
| 1193 | t.Fatal(err) |
| 1194 | } |
| 1195 | |
| 1196 | opts := []NewContainerOpts{WithNewSpec(oci.WithImageConfig(image), |
| 1197 | cmdOpt, |
| 1198 | oci.WithUserID(34), // run task as the "backup" user |
| 1199 | oci.WithUserNamespace(uidmaps, gidmaps), |
| 1200 | )} |
| 1201 | |
| 1202 | if readonlyRootFS { |
| 1203 | if len(uidmaps) > 1 { |
| 1204 | opts = append([]NewContainerOpts{WithUserNSRemappedSnapshotView(id, image, uidmaps, gidmaps)}, opts...) |
| 1205 | } else { |
| 1206 | opts = append([]NewContainerOpts{WithRemappedSnapshotView(id, image, 1000, 2000)}, opts...) |
| 1207 | } |
| 1208 | } else { |
| 1209 | if len(uidmaps) > 1 { |
| 1210 | opts = append([]NewContainerOpts{WithUserNSRemappedSnapshot(id, image, uidmaps, gidmaps)}, opts...) |
| 1211 | } else { |
| 1212 | opts = append([]NewContainerOpts{WithRemappedSnapshot(id, image, 1000, 2000)}, opts...) |
| 1213 | } |
| 1214 | } |
| 1215 | |
| 1216 | container, err := client.NewContainer(ctx, id, opts...) |
| 1217 | if err != nil { |
| 1218 | t.Fatal(err) |
| 1219 | } |
| 1220 | defer container.Delete(ctx, WithSnapshotCleanup) |
| 1221 | |
| 1222 | copts := &options.Options{ |
| 1223 | IoUid: 1000, |
| 1224 | IoGid: 2000, |
| 1225 | } |
| 1226 | |
| 1227 | task, err := container.NewTask(ctx, cio.NewCreator(cio.WithStdio), func(_ context.Context, client *Client, r *TaskInfo) error { |
| 1228 | r.Options = copts |
| 1229 | return nil |
| 1230 | }) |
| 1231 | if err != nil { |
| 1232 | t.Fatal(err) |
no test coverage detected
searching dependent graphs…