MCPcopy
hub / github.com/moby/moby / TestCreateWithCustomReadonlyPaths

Function TestCreateWithCustomReadonlyPaths

integration/container/create_test.go:317–386  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

315}
316
317func TestCreateWithCustomReadonlyPaths(t *testing.T) {
318 skip.If(t, testEnv.DaemonInfo.OSType != "linux")
319
320 ctx := setupTest(t)
321 apiClient := testEnv.APIClient()
322
323 testCases := []struct {
324 doc string
325 privileged bool
326 readonlyPaths []string
327 expected []string
328 }{
329 {
330 doc: "default readonly paths",
331 readonlyPaths: nil,
332 expected: oci.DefaultSpec().Linux.ReadonlyPaths,
333 },
334 {
335 doc: "empty readonly paths",
336 readonlyPaths: []string{},
337 expected: []string{},
338 },
339 {
340 doc: "custom readonly paths",
341 readonlyPaths: []string{"/proc/asound", "/proc/bus"},
342 expected: []string{"/proc/asound", "/proc/bus"},
343 },
344 {
345 // privileged containers should have no readonly paths by default
346 doc: "privileged",
347 privileged: true,
348 readonlyPaths: nil,
349 expected: nil,
350 },
351 }
352
353 for i, tc := range testCases {
354 t.Run(tc.doc, func(t *testing.T) {
355 t.Parallel()
356 ctr, err := apiClient.ContainerCreate(ctx, client.ContainerCreateOptions{
357 Config: &container.Config{
358 Image: "busybox",
359 Cmd: []string{"true"},
360 },
361 HostConfig: &container.HostConfig{
362 Privileged: tc.privileged,
363 ReadonlyPaths: tc.readonlyPaths,
364 },
365 Name: fmt.Sprintf("create-readonly-paths-%d", i),
366 })
367 assert.NilError(t, err)
368
369 ctrInspect, err := apiClient.ContainerInspect(ctx, ctr.ID, client.ContainerInspectOptions{})
370 assert.NilError(t, err)
371 assert.DeepEqual(t, ctrInspect.Container.HostConfig.ReadonlyPaths, tc.expected)
372
373 // Start the container.
374 _, err = apiClient.ContainerStart(ctx, ctr.ID, client.ContainerStartOptions{})

Callers

nothing calls this directly

Calls 8

DefaultSpecFunction · 0.92
APIClientMethod · 0.80
setupTestFunction · 0.70
RunMethod · 0.65
ContainerCreateMethod · 0.65
ContainerInspectMethod · 0.65
ContainerStartMethod · 0.65
ContainerStopMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…