1 2import pytest 3from unit.applications.lang.python import TestApplicationPython 4from unit.option import option 5from unit.utils import findmnt 6from unit.utils import waitformount 7from unit.utils import waitforunmount 8 9 10class TestPythonIsolation(TestApplicationPython): 11 prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']} 12 13 def test_python_isolation_rootfs(self, is_su, temp_dir): 14 isolation_features = option.available['features']['isolation'].keys() 15 16 if not is_su: 17 if not 'unprivileged_userns_clone' in isolation_features: 18 pytest.skip('requires unprivileged userns or root') 19 20 if 'user' not in isolation_features: 21 pytest.skip('user namespace is not supported') 22 23 if 'mnt' not in isolation_features: 24 pytest.skip('mnt namespace is not supported') 25 26 if 'pid' not in isolation_features: 27 pytest.skip('pid namespace is not supported') 28 29 isolation = {'rootfs': temp_dir} 30 31 if not is_su: 32 isolation['namespaces'] = { 33 'mount': True, 34 'credential': True, 35 'pid': True 36 } 37 38 self.load('ns_inspect', isolation=isolation) 39 40 assert ( 41 self.getjson(url='/?path=' + temp_dir)['body']['FileExists'] 42 == False 43 ), 'temp_dir does not exists in rootfs' 44 45 assert ( 46 self.getjson(url='/?path=/proc/self')['body']['FileExists'] 47 == True 48 ), 'no /proc/self' 49 50 assert ( 51 self.getjson(url='/?path=/dev/pts')['body']['FileExists'] == False 52 ), 'no /dev/pts' 53 54 assert ( 55 self.getjson(url='/?path=/sys/kernel')['body']['FileExists'] 56 == False 57 ), 'no /sys/kernel' 58 59 ret = self.getjson(url='/?path=/app/python/ns_inspect') 60 61 assert ( 62 ret['body']['FileExists'] == True 63 ), 'application exists in rootfs' 64 65 def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir): 66 if not is_su: 67 pytest.skip('requires root') 68 69 isolation = { 70 'rootfs': temp_dir, 71 'automount': {'language_deps': False} 72 } 73 74 self.load('empty', isolation=isolation) 75 76 assert 
findmnt().find(temp_dir) == -1 77 assert (self.get()['status'] != 200), 'disabled language_deps' 78 assert findmnt().find(temp_dir) == -1 79 80 isolation['automount']['language_deps'] = True 81 82 self.load('empty', isolation=isolation) 83 84 assert findmnt().find(temp_dir) == -1 85 assert (self.get()['status'] == 200), 'enabled language_deps' 86 assert waitformount(temp_dir), 'language_deps mount' 87 88 self.conf({"listeners": {}, "applications": {}}) 89 90 assert waitforunmount(temp_dir), 'language_deps unmount'
| 1 2import pytest 3from unit.applications.lang.python import TestApplicationPython 4from unit.option import option 5from unit.utils import findmnt 6from unit.utils import waitformount 7from unit.utils import waitforunmount 8 9 10class TestPythonIsolation(TestApplicationPython): 11 prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']} 12 13 def test_python_isolation_rootfs(self, is_su, temp_dir): 14 isolation_features = option.available['features']['isolation'].keys() 15 16 if not is_su: 17 if not 'unprivileged_userns_clone' in isolation_features: 18 pytest.skip('requires unprivileged userns or root') 19 20 if 'user' not in isolation_features: 21 pytest.skip('user namespace is not supported') 22 23 if 'mnt' not in isolation_features: 24 pytest.skip('mnt namespace is not supported') 25 26 if 'pid' not in isolation_features: 27 pytest.skip('pid namespace is not supported') 28 29 isolation = {'rootfs': temp_dir} 30 31 if not is_su: 32 isolation['namespaces'] = { 33 'mount': True, 34 'credential': True, 35 'pid': True 36 } 37 38 self.load('ns_inspect', isolation=isolation) 39 40 assert ( 41 self.getjson(url='/?path=' + temp_dir)['body']['FileExists'] 42 == False 43 ), 'temp_dir does not exists in rootfs' 44 45 assert ( 46 self.getjson(url='/?path=/proc/self')['body']['FileExists'] 47 == True 48 ), 'no /proc/self' 49 50 assert ( 51 self.getjson(url='/?path=/dev/pts')['body']['FileExists'] == False 52 ), 'no /dev/pts' 53 54 assert ( 55 self.getjson(url='/?path=/sys/kernel')['body']['FileExists'] 56 == False 57 ), 'no /sys/kernel' 58 59 ret = self.getjson(url='/?path=/app/python/ns_inspect') 60 61 assert ( 62 ret['body']['FileExists'] == True 63 ), 'application exists in rootfs' 64 65 def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir): 66 if not is_su: 67 pytest.skip('requires root') 68 69 isolation = { 70 'rootfs': temp_dir, 71 'automount': {'language_deps': False} 72 } 73 74 self.load('empty', isolation=isolation) 75 76 assert 
findmnt().find(temp_dir) == -1 77 assert (self.get()['status'] != 200), 'disabled language_deps' 78 assert findmnt().find(temp_dir) == -1 79 80 isolation['automount']['language_deps'] = True 81 82 self.load('empty', isolation=isolation) 83 84 assert findmnt().find(temp_dir) == -1 85 assert (self.get()['status'] == 200), 'enabled language_deps' 86 assert waitformount(temp_dir), 'language_deps mount' 87 88 self.conf({"listeners": {}, "applications": {}}) 89 90 assert waitforunmount(temp_dir), 'language_deps unmount'
|
| 91 92 def test_python_isolation_procfs(self, is_su, temp_dir): 93 isolation_features = option.available['features']['isolation'].keys() 94 95 if not is_su: 96 pytest.skip('requires root') 97 98 isolation = {'rootfs': temp_dir, 'automount': {'procfs': False}} 99 100 self.load('ns_inspect', isolation=isolation) 101 102 assert ( 103 self.getjson(url='/?path=/proc/self')['body']['FileExists'] 104 == False 105 ), 'no /proc/self' 106 107 isolation['automount']['procfs'] = True 108 109 self.load('ns_inspect', isolation=isolation) 110 111 assert ( 112 self.getjson(url='/?path=/proc/self')['body']['FileExists'] == True 113 ), '/proc/self'
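Review bot: `isolation_features` is assigned on the first line of the added `test_python_isolation_procfs` (new line 93) but never read; the test gates only on `is_su`, so the lookup looks like dead code carried over from `test_python_isolation_rootfs`. Either drop the line, or, if the intent was to skip on hosts that lack a required isolation feature, add the matching `pytest.skip(...)` check as the rootfs test does. A one-line docstring would also state the property being pinned, e.g. `"""/proc/self must be absent from the rootfs when automount.procfs is False and present when it is True."""`. That makes it clear a failure of the first assertion means procfs was mounted despite being disabled.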
|