This repository has been archived by the owner on Oct 22, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 49
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for running containers in privileged mode.
This is required for some images such as the docker:dind image. See also #80.
- Loading branch information
1 parent
0352e00
commit 767fa82
Showing
16 changed files
with
124 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
50 changes: 50 additions & 0 deletions
50
app/src/journeyTest/kotlin/batect/journeytests/PrivilegedContainerTest.kt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
/* | ||
Copyright 2017-2019 Charles Korn. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package batect.journeytests | ||
|
||
import batect.journeytests.testutils.ApplicationRunner | ||
import batect.journeytests.testutils.itCleansUpAllContainersItCreates | ||
import batect.journeytests.testutils.itCleansUpAllNetworksItCreates | ||
import batect.testutils.createForGroup | ||
import batect.testutils.on | ||
import batect.testutils.runBeforeGroup | ||
import com.natpryce.hamkrest.assertion.assertThat | ||
import com.natpryce.hamkrest.containsSubstring | ||
import com.natpryce.hamkrest.equalTo | ||
import org.spekframework.spek2.Spek | ||
import org.spekframework.spek2.style.specification.describe | ||
|
||
object PrivilegedContainerTest : Spek({ | ||
describe("when running a container that requires privileged mode") { | ||
val runner by createForGroup { ApplicationRunner("privileged-container") } | ||
|
||
on("running a task that uses that container") { | ||
val result by runBeforeGroup { runner.runApplication(listOf("the-task")) } | ||
|
||
it("runs the container in privileged mode") { | ||
assertThat(result.output, containsSubstring("Container is privileged\r\n")) | ||
} | ||
|
||
it("runs successfully") { | ||
assertThat(result.exitCode, equalTo(0)) | ||
} | ||
|
||
itCleansUpAllContainersItCreates { result } | ||
itCleansUpAllNetworksItCreates { result } | ||
} | ||
} | ||
}) |
15 changes: 15 additions & 0 deletions
15
app/src/journeyTest/resources/privileged-container/batect.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
project_name: privileged-container | ||
|
||
containers: | ||
the-container: | ||
image: alpine:3.8 | ||
privileged: true | ||
volumes: | ||
- local: . | ||
container: /code | ||
|
||
tasks: | ||
the-task: | ||
run: | ||
container: the-container | ||
command: /code/task.sh |
15 changes: 15 additions & 0 deletions
15
app/src/journeyTest/resources/privileged-container/task.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/usr/bin/env sh | ||
|
||
set -euo pipefail | ||
|
||
# Adapted from https://stackoverflow.com/a/32144661/1668119 | ||
|
||
if ip link add dummy0 type dummy ; then | ||
ip link delete dummy0 | ||
|
||
echo "Container is privileged" | ||
exit 0 | ||
else | ||
echo "Container is not privileged" | ||
exit 1 | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters