docker: test for socket permissions

author: Graham Christensen <graham@grahamc.com> 2017-04-03 09:05:15 -0400
committer: Graham Christensen <graham@grahamc.com> 2017-04-03 09:05:41 -0400
commit: c7453084ef71e286699b7414894178e5559f5563 (patch)
tree: d89845a65b5715b0d6df6c988639db9b612db065 /nixos/tests/docker.nix
parent: fa4fe7110566d8370983fa81f2b04a833339236d (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/nixos/tests/docker.nix b/nixos/tests/docker.nix
index 1b57a94a05d4..9096a5868f6c 100644
--- a/nixos/tests/docker.nix
+++ b/nixos/tests/docker.nix
@@ -11,6 +11,21 @@ import ./make-test.nix ({ pkgs, ...} : {
       { config, pkgs, ... }:
         {
           virtualisation.docker.enable = true;
+
+          users.users = {
+            noprivs = {
+              isNormalUser = true;
+              description = "Can't access the docker daemon";
+              password = "foobar";
+            };
+
+            hasprivs = {
+              isNormalUser = true;
+              description = "Can access the docker daemon";
+              password = "foobar";
+              extraGroups = [ "docker" ];
+            };
+          };
         };
     };
 
@@ -21,6 +36,8 @@ import ./make-test.nix ({ pkgs, ...} : {
     $docker->succeed("tar cv --files-from /dev/null | docker import - scratchimg");
     $docker->succeed("docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10");
     $docker->succeed("docker ps | grep sleeping");
+    $docker->succeed("sudo -u hasprivs docker ps");
+    $docker->fail("sudo -u noprivs docker ps");
     $docker->succeed("docker stop sleeping");
   '';
 })
author	Graham Christensen <graham@grahamc.com>	2017-04-03 09:05:15 -0400
committer	Graham Christensen <graham@grahamc.com>	2017-04-03 09:05:41 -0400
commit	c7453084ef71e286699b7414894178e5559f5563 (patch)
tree	d89845a65b5715b0d6df6c988639db9b612db065 /nixos/tests/docker.nix
parent	fa4fe7110566d8370983fa81f2b04a833339236d (diff)