test_go_isolation.py (1706:a1da56837554) test_go_isolation.py (1707:d718554dd379)
1import grp
2import os
3import pwd
4import shutil
5
6import pytest
7
8from conftest import option

--- 318 unchanged lines hidden (view full) ---

327
328 obj = self.getjson(url='/?file=/go/app')['body']
329
330 assert obj['FileExists'] == True, 'app relative to rootfs'
331
332 obj = self.getjson(url='/?file=/bin/sh')['body']
333 assert obj['FileExists'] == False, 'file should not exists'
334
1import grp
2import os
3import pwd
4import shutil
5
6import pytest
7
8from conftest import option

--- 318 unchanged lines hidden (view full) ---

327
328 obj = self.getjson(url='/?file=/go/app')['body']
329
330 assert obj['FileExists'] == True, 'app relative to rootfs'
331
332 obj = self.getjson(url='/?file=/bin/sh')['body']
333 assert obj['FileExists'] == False, 'file should not exists'
334
335 def test_go_isolation_rootfs_default_tmpfs(self, is_su, temp_dir):
335 def test_go_isolation_rootfs_automount_tmpfs(self, is_su, temp_dir):
336 try:
337 open("/proc/self/mountinfo")
338 except:
339 pytest.skip('The system lacks /proc/self/mountinfo file')
340
336 if not is_su:
337 if not self.isolation_key('unprivileged_userns_clone'):
338 pytest.skip('unprivileged clone is not available')
339
340 if not self.isolation_key('user'):
341 pytest.skip('user namespace is not supported')
342
343 if not self.isolation_key('mnt'):

--- 8 unchanged lines hidden (view full) ---

352 isolation['namespaces'] = {
353 'mount': True,
354 'credential': True,
355 'pid': True
356 }
357
358 self.load('ns_inspect', isolation=isolation)
359
341 if not is_su:
342 if not self.isolation_key('unprivileged_userns_clone'):
343 pytest.skip('unprivileged clone is not available')
344
345 if not self.isolation_key('user'):
346 pytest.skip('user namespace is not supported')
347
348 if not self.isolation_key('mnt'):

--- 8 unchanged lines hidden (view full) ---

357 isolation['namespaces'] = {
358 'mount': True,
359 'credential': True,
360 'pid': True
361 }
362
363 self.load('ns_inspect', isolation=isolation)
364
360 obj = self.getjson(url='/?file=/tmp')['body']
365 obj = self.getjson(url='/?mounts=true')['body']
361
366
362 assert obj['FileExists'] == True, 'app has /tmp'
367 assert (
368 "/ /tmp" in obj['Mounts'] and "tmpfs" in obj['Mounts']
369 ), 'app has /tmp mounted on /'
370
371 isolation['automount'] = {
372 'tmpfs': False
373 }
374
375 self.load('ns_inspect', isolation=isolation)
376
377 obj = self.getjson(url='/?mounts=true')['body']
378
379 assert (
380 "/ /tmp" not in obj['Mounts'] and "tmpfs" not in obj['Mounts']
381 ), 'app has no /tmp mounted'