1import grp 2import os 3import pwd 4import shutil 5 6import pytest 7 8from conftest import option --- 212 unchanged lines hidden (view full) --- 221 222 assert obj['NS']['MNT'] != self.isolation.getns('mnt'), 'mnt set' 223 assert obj['NS']['USER'] != self.isolation.getns('user'), 'user set' 224 225 def test_isolation_pid(self, is_su): 226 if not self.isolation_key('pid'): 227 pytest.skip('pid namespace is not supported') 228 |
229 if not is_su: 230 if not self.isolation_key('unprivileged_userns_clone'): 231 pytest.skip('unprivileged clone is not available') |
232 |
233 if not self.isolation_key('user'): 234 pytest.skip('user namespace is not supported') |
235 |
236 if not self.isolation_key('mnt'): 237 pytest.skip('mnt namespace is not supported') 238 239 isolation = {'namespaces': {'pid': True}} 240 241 if not is_su: 242 isolation['namespaces']['mount'] = True 243 isolation['namespaces']['credential'] = True 244 245 self.load('ns_inspect', isolation=isolation) 246 |
247 obj = self.getjson()['body'] 248 249 assert obj['PID'] == 1, 'pid of container is 1' 250 251 def test_isolation_namespace_false(self): 252 self.load('ns_inspect') 253 allns = list(option.available['features']['isolation'].keys()) 254 --- 19 unchanged lines hidden (view full) --- 274 275 for ns in allns: 276 if ns.upper() in obj['NS']: 277 assert ( 278 obj['NS'][ns.upper()] 279 == option.available['features']['isolation'][ns] 280 ), ('%s match' % ns) 281 |
282 def test_go_isolation_rootfs_container(self, is_su, temp_dir): 283 if not is_su: 284 if not self.isolation_key('unprivileged_userns_clone'): 285 pytest.skip('unprivileged clone is not available') |
286 |
287 if not self.isolation_key('user'): 288 pytest.skip('user namespace is not supported') |
289 |
290 if not self.isolation_key('mnt'): 291 pytest.skip('mnt namespace is not supported') |
292 |
293 if not self.isolation_key('pid'): 294 pytest.skip('pid namespace is not supported') 295 296 isolation = {'rootfs': temp_dir} 297 298 if not is_su: 299 isolation['namespaces'] = { 300 'mount': True, 301 'credential': True, 302 'pid': True 303 } 304 |
305 self.load('ns_inspect', isolation=isolation) 306 307 obj = self.getjson(url='/?file=/go/app')['body'] 308 309 assert obj['FileExists'] == True, 'app relative to rootfs' 310 311 obj = self.getjson(url='/?file=/bin/sh')['body'] 312 assert obj['FileExists'] == False, 'file should not exists' --- 14 unchanged lines hidden (view full) --- 327 328 obj = self.getjson(url='/?file=/go/app')['body'] 329 330 assert obj['FileExists'] == True, 'app relative to rootfs' 331 332 obj = self.getjson(url='/?file=/bin/sh')['body'] 333 assert obj['FileExists'] == False, 'file should not exists' 334 |
335 def test_go_isolation_rootfs_default_tmpfs(self, is_su, temp_dir): 336 if not is_su: 337 if not self.isolation_key('unprivileged_userns_clone'): 338 pytest.skip('unprivileged clone is not available') |
339 |
340 if not self.isolation_key('user'): 341 pytest.skip('user namespace is not supported') |
342 |
343 if not self.isolation_key('mnt'): 344 pytest.skip('mnt namespace is not supported') |
345 |
346 if not self.isolation_key('pid'): 347 pytest.skip('pid namespace is not supported') 348 349 isolation = {'rootfs': temp_dir} 350 351 if not is_su: 352 isolation['namespaces'] = { 353 'mount': True, 354 'credential': True, 355 'pid': True 356 } 357 |
358 self.load('ns_inspect', isolation=isolation) 359 360 obj = self.getjson(url='/?file=/tmp')['body'] 361 362 assert obj['FileExists'] == True, 'app has /tmp' |
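Review bot: The unprivileged precondition ladder (`unprivileged_userns_clone`, `user`, `mnt`, `pid`) is written out separately in test_isolation_pid (lines 225-237), test_go_isolation_rootfs_container (283-294) and test_go_isolation_rootfs_default_tmpfs (336-347), so the copies can drift and one isolation test may run, or be skipped, under different conditions from its siblings. A single helper on the test class that takes `is_su` and the required feature keys would keep the three in step. The skips test the feature keys `user` and `mnt`, while the configuration built just below requests `credential` and `mount`; these are presumably the same namespaces, and a comment such as `# config 'credential'/'mount' correspond to the 'user'/'mnt' feature keys checked above` would make that explicit. Indentation is lost in this rendering, so whether the `user`/`mnt`/`pid` checks sit inside `if not is_su:` cannot be confirmed here, and parts of the class are hidden behind the collapsed ranges.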