InTheForest/moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2026-01-11 18:51:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Dockerfile: update debian frozen image to trixie-slim

Browse Source 
docker buildx imagetools inspect docker.io/library/debian:trixie-slim
    Name:      docker.io/library/debian:trixie-slim
    MediaType: application/vnd.oci.image.index.v1+json
    Digest:    sha256:c85a2732e97694ea77237c61304b3bb410e0e961dd6ee945997a06c788c545bb

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
2025-08-14 01:31:41 +02:00
parent ea126c0541
commit 39d4dbea9c
8 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
integration-cli/docker_cli_run_unix_test.go
View File

@@ -831,12 +831,12 @@ func (s *DockerCLIRunSuite) TestRunTmpfsMountsWithOptions(c *testing.T) {
assert.Assert(c, is.Contains(out, option))
}
// We use debian:bookworm-slim as there is no findmnt in busybox. Also the output will be in the format of
// We use debian:trixie-slim as there is no findmnt in busybox. Also the output will be in the format of
// TARGET PROPAGATION
// /tmp shared
// so we only capture `shared` here.
expectedOptions = []string{"shared"}
out = cli.DockerCmd(c, "run", "--tmpfs", "/tmp:shared", "debian:bookworm-slim", "findmnt", "-o", "TARGET,PROPAGATION", "/tmp").Combined()
out = cli.DockerCmd(c, "run", "--tmpfs", "/tmp:shared", "debian:trixie-slim", "findmnt", "-o", "TARGET,PROPAGATION", "/tmp").Combined()
for _, option := range expectedOptions {
assert.Assert(c, is.Contains(out, option))
}
@@ -872,7 +872,7 @@ func (s *DockerCLIRunSuite) TestRunSysctls(c *testing.T) {
})
}
// TestRunSeccompProfileDenyUnshare checks that 'docker run --security-opt seccomp=/tmp/profile.json debian:bookworm-slim unshare' exits with operation not permitted.
// TestRunSeccompProfileDenyUnshare checks that 'docker run --security-opt seccomp=/tmp/profile.json debian:trixie-slim unshare' exits with operation not permitted.
func (s *DockerCLIRunSuite) TestRunSeccompProfileDenyUnshare(c *testing.T) {
testRequires(c, testEnv.IsLocalDaemon, seccompEnabled, Apparmor)
const jsonData = `{
@@ -895,7 +895,7 @@ func (s *DockerCLIRunSuite) TestRunSeccompProfileDenyUnshare(c *testing.T) {
}
icmd.RunCommand(dockerBinary, "run", "--security-opt", "apparmor=unconfined",
"--security-opt", "seccomp="+tmpFile.Name(),
"debian:bookworm-slim", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc").Assert(c, icmd.Expected{
"debian:trixie-slim", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc").Assert(c, icmd.Expected{
ExitCode: 1,
Err: "Operation not permitted",
})
@@ -935,7 +935,7 @@ func (s *DockerCLIRunSuite) TestRunSeccompProfileDenyChmod(c *testing.T) {
})
}
// TestRunSeccompProfileDenyUnshareUserns checks that 'docker run debian:bookworm-slim unshare --map-root-user --user sh -c whoami' with a specific profile to
// TestRunSeccompProfileDenyUnshareUserns checks that 'docker run debian:trixie-slim unshare --map-root-user --user sh -c whoami' with a specific profile to
// deny unshare of a userns exits with operation not permitted.
func (s *DockerCLIRunSuite) TestRunSeccompProfileDenyUnshareUserns(c *testing.T) {
testRequires(c, testEnv.IsLocalDaemon, seccompEnabled, Apparmor)
@@ -967,7 +967,7 @@ func (s *DockerCLIRunSuite) TestRunSeccompProfileDenyUnshareUserns(c *testing.T)
}
icmd.RunCommand(dockerBinary, "run",
"--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(),
"debian:bookworm-slim", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami").Assert(c, icmd.Expected{
"debian:trixie-slim", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami").Assert(c, icmd.Expected{
ExitCode: 1,
Err: "Operation not permitted",
})
@@ -1019,12 +1019,12 @@ func (s *DockerCLIRunSuite) TestRunSeccompProfileAllow32Bit(c *testing.T) {
icmd.RunCommand(dockerBinary, "run", "syscall-test", "exit32-test").Assert(c, icmd.Success)
}
// TestRunSeccompAllowSetrlimit checks that 'docker run debian:bookworm-slim ulimit -v 1048510' succeeds.
// TestRunSeccompAllowSetrlimit checks that 'docker run debian:trixie-slim ulimit -v 1048510' succeeds.
func (s *DockerCLIRunSuite) TestRunSeccompAllowSetrlimit(c *testing.T) {
testRequires(c, testEnv.IsLocalDaemon, seccompEnabled)
// ulimit uses setrlimit, so we want to make sure we don't break it
icmd.RunCommand(dockerBinary, "run", "debian:bookworm-slim", "bash", "-c", "ulimit -v 1048510").Assert(c, icmd.Success)
icmd.RunCommand(dockerBinary, "run", "debian:trixie-slim", "bash", "-c", "ulimit -v 1048510").Assert(c, icmd.Success)
}
func (s *DockerCLIRunSuite) TestRunSeccompDefaultProfileAcct(c *testing.T) {
@@ -1329,7 +1329,7 @@ func (s *DockerCLIRunSuite) TestRunSeccompWithDefaultProfile(c *testing.T) {
err = os.WriteFile(fileName, b, 0o644)
assert.NilError(c, err)
out, _, err := dockerCmdWithError("run", "--security-opt", "seccomp="+fileName, "debian:bookworm-slim", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami")
out, _, err := dockerCmdWithError("run", "--security-opt", "seccomp="+fileName, "debian:trixie-slim", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami")
assert.ErrorContains(c, err, "", out)
assert.Equal(c, strings.TrimSpace(out), "unshare: unshare failed: Operation not permitted")
}