Deleted Added
1import grp
2import pwd
3import unittest
4
5from unit.applications.lang.go import TestApplicationGo
6from unit.feature.isolation import TestFeatureIsolation
7
8

--- 267 unchanged lines hidden (view full) ---

276 for ns in allns:
277 if ns.upper() in obj['NS']:
278 self.assertEqual(
279 obj['NS'][ns.upper()],
280 self.available['features']['isolation'][ns],
281 '%s match' % ns,
282 )
283
284 def test_go_isolation_rootfs_container(self):
285 if not self.isolation_key('unprivileged_userns_clone'):
286 print('unprivileged clone is not available')
287 raise unittest.SkipTest()
288
289 if not self.isolation_key('mnt'):
290 print('mnt namespace is not supported')
291 raise unittest.SkipTest()
292
293 isolation = {
294 'namespaces': {'mount': True, 'credential': True},
295 'rootfs': self.testdir,
296 }
297
298 self.load('ns_inspect', isolation=isolation)
299
300 obj = self.getjson(url='/?file=/go/app')['body']
301
302 self.assertEqual(obj['FileExists'], True, 'app relative to rootfs')
303
304 obj = self.getjson(url='/?file=/bin/sh')['body']
305 self.assertEqual(obj['FileExists'], False, 'file should not exists')
306
307 def test_go_isolation_rootfs_container_priv(self):
308 if not self.is_su:
309 print("requires root")
310 raise unittest.SkipTest()
311
312 if not self.isolation_key('mnt'):
313 print('mnt namespace is not supported')
314 raise unittest.SkipTest()
315
316 isolation = {
317 'namespaces': {'mount': True},
318 'rootfs': self.testdir,
319 }
320
321 self.load('ns_inspect', isolation=isolation)
322
323 obj = self.getjson(url='/?file=/go/app')['body']
324
325 self.assertEqual(obj['FileExists'], True, 'app relative to rootfs')
326
327 obj = self.getjson(url='/?file=/bin/sh')['body']
328 self.assertEqual(obj['FileExists'], False, 'file should not exists')
329
330
331if __name__ == '__main__':
332 TestGoIsolation.main()