From: Arnaud Rebillout <arnaud.rebillout@collabora.com>
Date: Wed, 4 Sep 2019 07:54:29 +0000 (+0100)
Subject: Disable privileged tests for cve-2018-15664
X-Git-Tag: archive/raspbian/18.09.9+dfsg1-5+rpi1~1^2^2~28
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=8ac1545200d26b0e157a5505ea7c07b7c32cb237;p=docker.io.git

Disable privileged tests for cve-2018-15664


Gbp-Pq: Name cve-2018-15664-03-debian-skip-privileged-tests.patch
---

diff --git a/engine/pkg/chrootarchive/archive_unix_test.go b/engine/pkg/chrootarchive/archive_unix_test.go
index f39a88ad..161be05f 100644
--- a/engine/pkg/chrootarchive/archive_unix_test.go
+++ b/engine/pkg/chrootarchive/archive_unix_test.go
@@ -16,6 +16,7 @@ import (
 	"github.com/docker/docker/pkg/archive"
 	"golang.org/x/sys/unix"
 	"gotest.tools/assert"
+	"gotest.tools/skip"
 )
 
 // Test for CVE-2018-15664
@@ -23,6 +24,7 @@ import (
 // some path outside of a container's rootfs that we do not copy data to a
 // container path that will actually overwrite data on the host
 func TestUntarWithMaliciousSymlinks(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "DM - skipping privileged test")
 	dir, err := ioutil.TempDir("", t.Name())
 	assert.NilError(t, err)
 	defer os.RemoveAll(dir)
@@ -84,6 +86,7 @@ func TestUntarWithMaliciousSymlinks(t *testing.T) {
 // some path outside of a container's rootfs that we do not unwittingly leak
 // host data into the archive.
 func TestTarWithMaliciousSymlinks(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "DM - skipping privileged test")
 	dir, err := ioutil.TempDir("", t.Name())
 	assert.NilError(t, err)
 	// defer os.RemoveAll(dir)