diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 1cc554d002b2..a71cf79c5a78 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -270,5 +270,13 @@ import ./make-test-python.nix ({ pkgs, ... }: { docker.succeed( "docker images --format '{{.Repository}}' | grep -F '${examples.prefixedLayeredImage.imageName}'" ) + + with subtest("buildLayeredImage supports running chown with fakeRootCommands"): + docker.succeed( + "docker load --input='${examples.layeredImageWithFakeRootCommands}'" + ) + docker.succeed( + "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'" + ) ''; }) diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix index 9e33a42af23e..2eab0ede0233 100644 --- a/pkgs/build-support/docker/examples.nix +++ b/pkgs/build-support/docker/examples.nix @@ -441,4 +441,17 @@ rec { tag = "latest"; config.Cmd = [ "${pkgs.hello}/bin/hello" ]; }; + + # layered image with files owned by a user other than root + layeredImageWithFakeRootCommands = pkgs.dockerTools.buildLayeredImage { + name = "layered-image-with-fake-root-commands"; + tag = "latest"; + contents = [ + pkgs.pkgsStatic.busybox + ]; + fakeRootCommands = '' + mkdir -p ./home/jane + chown 1000 ./home/jane + ''; + }; }