test_python_isolation.py (1773:6c7e716cdec5) test_python_isolation.py (1774:8a90da5c0e24)
1
2import pytest
3from unit.applications.lang.python import TestApplicationPython
4from unit.option import option
5from unit.utils import findmnt
6from unit.utils import waitformount
7from unit.utils import waitforunmount
8
9
10class TestPythonIsolation(TestApplicationPython):
11 prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']}
12
13 def test_python_isolation_rootfs(self, is_su, temp_dir):
14 isolation_features = option.available['features']['isolation'].keys()
15
16 if not is_su:
17 if not 'unprivileged_userns_clone' in isolation_features:
18 pytest.skip('requires unprivileged userns or root')
19
20 if 'user' not in isolation_features:
21 pytest.skip('user namespace is not supported')
22
23 if 'mnt' not in isolation_features:
24 pytest.skip('mnt namespace is not supported')
25
26 if 'pid' not in isolation_features:
27 pytest.skip('pid namespace is not supported')
28
29 isolation = {'rootfs': temp_dir}
30
31 if not is_su:
32 isolation['namespaces'] = {
33 'mount': True,
34 'credential': True,
35 'pid': True
36 }
37
38 self.load('ns_inspect', isolation=isolation)
39
40 assert (
41 self.getjson(url='/?path=' + temp_dir)['body']['FileExists']
42 == False
43 ), 'temp_dir does not exists in rootfs'
44
45 assert (
46 self.getjson(url='/?path=/proc/self')['body']['FileExists']
47 == True
48 ), 'no /proc/self'
49
50 assert (
51 self.getjson(url='/?path=/dev/pts')['body']['FileExists'] == False
52 ), 'no /dev/pts'
53
54 assert (
55 self.getjson(url='/?path=/sys/kernel')['body']['FileExists']
56 == False
57 ), 'no /sys/kernel'
58
59 ret = self.getjson(url='/?path=/app/python/ns_inspect')
60
61 assert (
62 ret['body']['FileExists'] == True
63 ), 'application exists in rootfs'
64
65 def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir):
66 if not is_su:
67 pytest.skip('requires root')
68
69 isolation = {
70 'rootfs': temp_dir,
71 'automount': {'language_deps': False}
72 }
73
74 self.load('empty', isolation=isolation)
75
76 assert findmnt().find(temp_dir) == -1
77 assert (self.get()['status'] != 200), 'disabled language_deps'
78 assert findmnt().find(temp_dir) == -1
79
80 isolation['automount']['language_deps'] = True
81
82 self.load('empty', isolation=isolation)
83
84 assert findmnt().find(temp_dir) == -1
85 assert (self.get()['status'] == 200), 'enabled language_deps'
86 assert waitformount(temp_dir), 'language_deps mount'
87
88 self.conf({"listeners": {}, "applications": {}})
89
90 assert waitforunmount(temp_dir), 'language_deps unmount'
1
2import pytest
3from unit.applications.lang.python import TestApplicationPython
4from unit.option import option
5from unit.utils import findmnt
6from unit.utils import waitformount
7from unit.utils import waitforunmount
8
9
10class TestPythonIsolation(TestApplicationPython):
11 prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']}
12
13 def test_python_isolation_rootfs(self, is_su, temp_dir):
14 isolation_features = option.available['features']['isolation'].keys()
15
16 if not is_su:
17 if not 'unprivileged_userns_clone' in isolation_features:
18 pytest.skip('requires unprivileged userns or root')
19
20 if 'user' not in isolation_features:
21 pytest.skip('user namespace is not supported')
22
23 if 'mnt' not in isolation_features:
24 pytest.skip('mnt namespace is not supported')
25
26 if 'pid' not in isolation_features:
27 pytest.skip('pid namespace is not supported')
28
29 isolation = {'rootfs': temp_dir}
30
31 if not is_su:
32 isolation['namespaces'] = {
33 'mount': True,
34 'credential': True,
35 'pid': True
36 }
37
38 self.load('ns_inspect', isolation=isolation)
39
40 assert (
41 self.getjson(url='/?path=' + temp_dir)['body']['FileExists']
42 == False
43 ), 'temp_dir does not exists in rootfs'
44
45 assert (
46 self.getjson(url='/?path=/proc/self')['body']['FileExists']
47 == True
48 ), 'no /proc/self'
49
50 assert (
51 self.getjson(url='/?path=/dev/pts')['body']['FileExists'] == False
52 ), 'no /dev/pts'
53
54 assert (
55 self.getjson(url='/?path=/sys/kernel')['body']['FileExists']
56 == False
57 ), 'no /sys/kernel'
58
59 ret = self.getjson(url='/?path=/app/python/ns_inspect')
60
61 assert (
62 ret['body']['FileExists'] == True
63 ), 'application exists in rootfs'
64
65 def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir):
66 if not is_su:
67 pytest.skip('requires root')
68
69 isolation = {
70 'rootfs': temp_dir,
71 'automount': {'language_deps': False}
72 }
73
74 self.load('empty', isolation=isolation)
75
76 assert findmnt().find(temp_dir) == -1
77 assert (self.get()['status'] != 200), 'disabled language_deps'
78 assert findmnt().find(temp_dir) == -1
79
80 isolation['automount']['language_deps'] = True
81
82 self.load('empty', isolation=isolation)
83
84 assert findmnt().find(temp_dir) == -1
85 assert (self.get()['status'] == 200), 'enabled language_deps'
86 assert waitformount(temp_dir), 'language_deps mount'
87
88 self.conf({"listeners": {}, "applications": {}})
89
90 assert waitforunmount(temp_dir), 'language_deps unmount'
91
92 def test_python_isolation_procfs(self, is_su, temp_dir):
93 isolation_features = option.available['features']['isolation'].keys()
94
95 if not is_su:
96 pytest.skip('requires root')
97
98 isolation = {'rootfs': temp_dir, 'automount': {'procfs': False}}
99
100 self.load('ns_inspect', isolation=isolation)
101
102 assert (
103 self.getjson(url='/?path=/proc/self')['body']['FileExists']
104 == False
105 ), 'no /proc/self'
106
107 isolation['automount']['procfs'] = True
108
109 self.load('ns_inspect', isolation=isolation)
110
111 assert (
112 self.getjson(url='/?path=/proc/self')['body']['FileExists'] == True
113 ), '/proc/self'
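Review bot: `isolation_features` is assigned on the first line of `test_python_isolation_procfs` (new line 93) but never read, since this test only gates on `is_su`; the assignment can be dropped. Both assertions observe `/proc/self` only from inside the application, so a procfs mount left behind under `temp_dir` on the host after the test would go unnoticed. The sibling language_deps test checks the host side with `findmnt()` and `waitforunmount(temp_dir)`, and a similar check after `self.conf({"listeners": {}, "applications": {}})` would presumably cover that case. The first assertion also reuses the message `'no /proc/self'` from the rootfs test although here it fires when the path does exist; a message such as `'/proc/self visible with procfs automount disabled'` would read correctly on failure.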