1import unittest
1import pytest
2
3from unit.applications.lang.php import TestApplicationPHP
4from unit.feature.isolation import TestFeatureIsolation
5from conftest import option
6
7
8class TestPHPIsolation(TestApplicationPHP):
9 prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']}
10
11 isolation = TestFeatureIsolation()
12
13 @classmethod
13 def setUpClass(cls, complete_check=True):
14 unit = super().setUpClass(complete_check=False)
14 def setup_class(cls, complete_check=True):
15 unit = super().setup_class(complete_check=False)
16
16 TestFeatureIsolation().check(cls.available, unit.testdir)
17 TestFeatureIsolation().check(cls.available, unit.temp_dir)
18
19 return unit if not complete_check else unit.complete()
20
20 def test_php_isolation_rootfs(self):
21 def test_php_isolation_rootfs(self, is_su):
22 isolation_features = self.available['features']['isolation'].keys()
23
24 if 'mnt' not in isolation_features:
24 print('requires mnt ns')
25 raise unittest.SkipTest()
25 pytest.skip('requires mnt ns')
26
27 if not self.is_su:
27 if not is_su:
28 if 'user' not in isolation_features:
29 print('requires unprivileged userns or root')
30 raise unittest.SkipTest()
29 pytest.skip('requires unprivileged userns or root')
30
31 if not 'unprivileged_userns_clone' in isolation_features:
33 print('requires unprivileged userns or root')
34 raise unittest.SkipTest()
32 pytest.skip('requires unprivileged userns or root')
33
34 isolation = {
37 'namespaces': {'credential': not self.is_su, 'mount': True},
38 'rootfs': self.current_dir,
35 'namespaces': {'credential': not is_su, 'mount': True},
36 'rootfs': option.test_dir,
37 }
38
39 self.load('phpinfo', isolation=isolation)
40
43 self.assertIn(
44 'success', self.conf('"/php/phpinfo"', 'applications/phpinfo/root')
41 assert 'success' in self.conf(
42 '"/php/phpinfo"', 'applications/phpinfo/root'
43 )
46 self.assertIn(
47 'success',
48 self.conf(
49 '"/php/phpinfo"', 'applications/phpinfo/working_directory'
50 ),
44 assert 'success' in self.conf(
45 '"/php/phpinfo"', 'applications/phpinfo/working_directory'
46 )
47
53 self.assertEqual(self.get()['status'], 200, 'empty rootfs')
48 assert self.get()['status'] == 200, 'empty rootfs'
49
55 def test_php_isolation_rootfs_extensions(self):
50 def test_php_isolation_rootfs_extensions(self, is_su):
51 isolation_features = self.available['features']['isolation'].keys()
52
58 if not self.is_su:
53 if not is_su:
54 if 'user' not in isolation_features:
60 print('requires unprivileged userns or root')
61 raise unittest.SkipTest()
55 pytest.skip('requires unprivileged userns or root')
56
57 if not 'unprivileged_userns_clone' in isolation_features:
64 print('requires unprivileged userns or root')
65 raise unittest.SkipTest()
58 pytest.skip('requires unprivileged userns or root')
59
60 if 'mnt' not in isolation_features:
68 print('requires mnt ns')
69 raise unittest.SkipTest()
61 pytest.skip('requires mnt ns')
62
63 isolation = {
72 'rootfs': self.current_dir,
73 'namespaces': {
74 'credential': not self.is_su,
75 'mount': not self.is_su,
76 },
64 'rootfs': option.test_dir,
65 'namespaces': {'credential': not is_su, 'mount': not is_su},
66 }
67
68 self.load('list-extensions', isolation=isolation)
69
81 self.assertIn(
82 'success',
83 self.conf(
84 '"/php/list-extensions"', 'applications/list-extensions/root'
85 ),
70 assert 'success' in self.conf(
71 '"/php/list-extensions"', 'applications/list-extensions/root'
72 )
73
88 self.assertIn(
89 'success',
90 self.conf(
91 {'file': '/php/list-extensions/php.ini'},
92 'applications/list-extensions/options',
93 ),
74 assert 'success' in self.conf(
75 {'file': '/php/list-extensions/php.ini'},
76 'applications/list-extensions/options',
77 )
78
96 self.assertIn(
97 'success',
98 self.conf(
99 '"/php/list-extensions"',
100 'applications/list-extensions/working_directory',
101 ),
79 assert 'success' in self.conf(
80 '"/php/list-extensions"',
81 'applications/list-extensions/working_directory',
82 )
83
84 extensions = self.getjson()['body']
85
106 self.assertIn('json', extensions, 'json in extensions list')
107 self.assertIn('unit', extensions, 'unit in extensions list')
86 assert 'json' in extensions, 'json in extensions list'
87 assert 'unit' in extensions, 'unit in extensions list'
88
109
110 def test_php_isolation_rootfs_no_language_libs(self):
89 def test_php_isolation_rootfs_no_language_libs(self, is_su):
90 isolation_features = self.available['features']['isolation'].keys()
91
113 if not self.is_su:
92 if not is_su:
93 if 'user' not in isolation_features:
115 print('requires unprivileged userns or root')
116 raise unittest.SkipTest()
94 pytest.skip('requires unprivileged userns or root')
95
96 if not 'unprivileged_userns_clone' in isolation_features:
119 print('requires unprivileged userns or root')
120 raise unittest.SkipTest()
97 pytest.skip('requires unprivileged userns or root')
98
99 if 'mnt' not in isolation_features:
123 print('requires mnt ns')
124 raise unittest.SkipTest()
100 pytest.skip('requires mnt ns')
101
102 isolation = {
127 'rootfs': self.current_dir,
103 'rootfs': option.test_dir,
104 'automount': {'language_deps': False},
129 'namespaces': {
130 'credential': not self.is_su,
131 'mount': not self.is_su,
132 },
105 'namespaces': {'credential': not is_su, 'mount': not is_su},
106 }
107
108 self.load('list-extensions', isolation=isolation)
109
137 self.assertIn(
138 'success',
139 self.conf(
140 '"/php/list-extensions"', 'applications/list-extensions/root'
141 ),
110 assert 'success' in self.conf(
111 '"/php/list-extensions"', 'applications/list-extensions/root'
112 )
113
144 self.assertIn(
145 'success',
146 self.conf(
147 {'file': '/php/list-extensions/php.ini'},
148 'applications/list-extensions/options',
149 ),
114 assert 'success' in self.conf(
115 {'file': '/php/list-extensions/php.ini'},
116 'applications/list-extensions/options',
117 )
118
152 self.assertIn(
153 'success',
154 self.conf(
155 '"/php/list-extensions"',
156 'applications/list-extensions/working_directory',
157 ),
119 assert 'success' in self.conf(
120 '"/php/list-extensions"',
121 'applications/list-extensions/working_directory',
122 )
123
124 extensions = self.getjson()['body']
125
162 self.assertIn('unit', extensions, 'unit in extensions list')
163 self.assertNotIn('json', extensions, 'json not in extensions list')
126 assert 'unit' in extensions, 'unit in extensions list'
127 assert 'json' not in extensions, 'json not in extensions list'
128
165 self.assertIn(
166 'success',
167 self.conf(
168 {'language_deps': True},
169 'applications/list-extensions/isolation/automount',
170 ),
129 assert 'success' in self.conf(
130 {'language_deps': True},
131 'applications/list-extensions/isolation/automount',
132 )
133
134 extensions = self.getjson()['body']
135
175 self.assertIn('unit', extensions, 'unit in extensions list 2')
176 self.assertIn('json', extensions, 'json in extensions list 2')
136 assert 'unit' in extensions, 'unit in extensions list 2'
137 assert 'json' in extensions, 'json in extensions list 2'
138
178
179if __name__ == '__main__':
180 TestPHPIsolation.main()