author | Graham Christensen <graham@grahamc.com> | 2017-04-03 09:05:15 -0400 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2017-04-03 09:05:41 -0400 |
commit | c7453084ef71e286699b7414894178e5559f5563 (patch) | |
tree | d89845a65b5715b0d6df6c988639db9b612db065 /nixos/tests/docker.nix | |
parent | fa4fe7110566d8370983fa81f2b04a833339236d (diff) |
docker: test for socket permissions
Diffstat (limited to 'nixos/tests/docker.nix')
-rw-r--r-- | nixos/tests/docker.nix | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/nixos/tests/docker.nix b/nixos/tests/docker.nix
index 1b57a94a05d40..9096a5868f6cc 100644
--- a/nixos/tests/docker.nix
+++ b/nixos/tests/docker.nix
@@ -11,6 +11,21 @@ import ./make-test.nix ({ pkgs, ...} : {
 { config, pkgs, ... }:
 {
 virtualisation.docker.enable = true;
+
+ users.users = {
+ noprivs = {
+ isNormalUser = true;
+ description = "Can't access the docker daemon";
+ password = "foobar";
+ };
+
+ hasprivs = {
+ isNormalUser = true;
+ description = "Can access the docker daemon";
+ password = "foobar";
+ extraGroups = [ "docker" ];
+ };
+ };
 };
 };
@@ -21,6 +36,8 @@ import ./make-test.nix ({ pkgs, ...} : {
 $docker->succeed("tar cv --files-from /dev/null | docker import - scratchimg");
 $docker->succeed("docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10");
 $docker->succeed("docker ps | grep sleeping");
+ $docker->succeed("sudo -u hasprivs docker ps");
+ $docker->fail("sudo -u noprivs docker ps");
 $docker->succeed("docker stop sleeping");
 '';
 }) |
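Review bot: Both new accounts under `users.users` set `password = "foobar";`, yet the test script shown here only reaches them through `sudo -u` from root, so the password appears to be unused. A `password` value in NixOS configuration is stored in plain text in the world-readable Nix store, and test files tend to be copied as examples, so I would drop the two `password` lines. If they must stay, mark them with `# throwaway test VM only; never set a plaintext password in a real configuration`. A short comment on `extraGroups = [ "docker" ];` such as `# docker group membership is effectively root on the host` would also explain why the negative case is tested. The node definition starts and ends outside this hunk.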
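Review bot: The negative check `$docker->fail("sudo -u noprivs docker ps");` passes on any non-zero exit, so it does not by itself show that the socket permissions are what stopped `noprivs`. The preceding `hasprivs` line rules out a broken sudo or a missing docker binary, but a misspelled or missing user would still satisfy `fail`. Consider pinning the reason with `$docker->succeed("sudo -u noprivs docker ps 2>&1 | grep -i 'permission denied'");`, after confirming the message wording for the packaged docker version, or assert on the socket's group and mode directly. The testScript string starts outside this hunk.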