MCPcopy
hub / github.com/containerd/containerd / testUserNamespaces

Function testUserNamespaces

integration/client/container_linux_test.go:1175–1264  ·  view source on GitHub ↗
(t *testing.T, uidmaps, gidmaps []specs.LinuxIDMapping, cmdOpt oci.SpecOpts, readonlyRootFS bool, expected uint32)

Source from the content-addressed store, hash-verified

1173}
1174
1175func testUserNamespaces(t *testing.T, uidmaps, gidmaps []specs.LinuxIDMapping, cmdOpt oci.SpecOpts, readonlyRootFS bool, expected uint32) {
1176 checkUserNS(t)
1177
1178 client, err := newClient(t, address)
1179 if err != nil {
1180 t.Fatal(err)
1181 }
1182 defer client.Close()
1183
1184 var (
1185 image Image
1186 ctx, cancel = testContext(t)
1187 id = strings.Replace(t.Name(), "/", "-", -1)
1188 )
1189 defer cancel()
1190
1191 image, err = client.Pull(ctx, testUserNSImage, WithPullUnpack)
1192 if err != nil {
1193 t.Fatal(err)
1194 }
1195
1196 opts := []NewContainerOpts{WithNewSpec(oci.WithImageConfig(image),
1197 cmdOpt,
1198 oci.WithUserID(34), // run task as the "backup" user
1199 oci.WithUserNamespace(uidmaps, gidmaps),
1200 )}
1201
1202 if readonlyRootFS {
1203 if len(uidmaps) > 1 {
1204 opts = append([]NewContainerOpts{WithUserNSRemappedSnapshotView(id, image, uidmaps, gidmaps)}, opts...)
1205 } else {
1206 opts = append([]NewContainerOpts{WithRemappedSnapshotView(id, image, 1000, 2000)}, opts...)
1207 }
1208 } else {
1209 if len(uidmaps) > 1 {
1210 opts = append([]NewContainerOpts{WithUserNSRemappedSnapshot(id, image, uidmaps, gidmaps)}, opts...)
1211 } else {
1212 opts = append([]NewContainerOpts{WithRemappedSnapshot(id, image, 1000, 2000)}, opts...)
1213 }
1214 }
1215
1216 container, err := client.NewContainer(ctx, id, opts...)
1217 if err != nil {
1218 t.Fatal(err)
1219 }
1220 defer container.Delete(ctx, WithSnapshotCleanup)
1221
1222 copts := &options.Options{
1223 IoUid: 1000,
1224 IoGid: 2000,
1225 }
1226
1227 task, err := container.NewTask(ctx, cio.NewCreator(cio.WithStdio), func(_ context.Context, client *Client, r *TaskInfo) error {
1228 r.Options = copts
1229 return nil
1230 })
1231 if err != nil {
1232 t.Fatal(err)

Callers 1

TestUserNamespacesFunction · 0.85

Calls 15

DeleteMethod · 0.95
NewTaskMethod · 0.95
WithImageConfigFunction · 0.92
WithUserIDFunction · 0.92
WithUserNamespaceFunction · 0.92
NewCreatorFunction · 0.92
checkUserNSFunction · 0.85
newClientFunction · 0.85
testContextFunction · 0.85
WithNewSpecFunction · 0.85
WithRemappedSnapshotViewFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…