test_python_isolation.py (1490:cecf6b11a1e3) test_python_isolation.py (1596:b7e2d4d92624)
1import unittest
1import pytest
2
3from unit.applications.lang.python import TestApplicationPython
4from unit.feature.isolation import TestFeatureIsolation
5
6
7class TestPythonIsolation(TestApplicationPython):
8 prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']}
9
10 isolation = TestFeatureIsolation()
11
12 @classmethod
2
3from unit.applications.lang.python import TestApplicationPython
4from unit.feature.isolation import TestFeatureIsolation
5
6
7class TestPythonIsolation(TestApplicationPython):
8 prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']}
9
10 isolation = TestFeatureIsolation()
11
12 @classmethod
13 def setUpClass(cls, complete_check=True):
14 unit = super().setUpClass(complete_check=False)
13 def setup_class(cls, complete_check=True):
14 unit = super().setup_class(complete_check=False)
15
15
16 TestFeatureIsolation().check(cls.available, unit.testdir)
16 TestFeatureIsolation().check(cls.available, unit.temp_dir)
17
18 return unit if not complete_check else unit.complete()
19
17
18 return unit if not complete_check else unit.complete()
19
20 def test_python_isolation_rootfs(self):
20 def test_python_isolation_rootfs(self, is_su):
21 isolation_features = self.available['features']['isolation'].keys()
22
23 if 'mnt' not in isolation_features:
21 isolation_features = self.available['features']['isolation'].keys()
22
23 if 'mnt' not in isolation_features:
24 print('requires mnt ns')
25 raise unittest.SkipTest()
24 pytest.skip('requires mnt ns')
26
25
27 if not self.is_su:
26 if not is_su:
28 if 'user' not in isolation_features:
27 if 'user' not in isolation_features:
29 print('requires unprivileged userns or root')
30 raise unittest.SkipTest()
28 pytest.skip('requires unprivileged userns or root')
31
32 if not 'unprivileged_userns_clone' in isolation_features:
29
30 if not 'unprivileged_userns_clone' in isolation_features:
33 print('requires unprivileged userns or root')
34 raise unittest.SkipTest()
31 pytest.skip('requires unprivileged userns or root')
35
36 isolation = {
32
33 isolation = {
37 'namespaces': {'credential': not self.is_su, 'mount': True},
38 'rootfs': self.testdir,
34 'namespaces': {'credential': not is_su, 'mount': True},
35 'rootfs': self.temp_dir,
39 }
40
41 self.load('empty', isolation=isolation)
42
36 }
37
38 self.load('empty', isolation=isolation)
39
43 self.assertEqual(self.get()['status'], 200, 'python rootfs')
40 assert self.get()['status'] == 200, 'python rootfs'
44
45 self.load('ns_inspect', isolation=isolation)
46
41
42 self.load('ns_inspect', isolation=isolation)
43
47 self.assertEqual(
48 self.getjson(url='/?path=' + self.testdir)['body']['FileExists'],
49 False,
50 'testdir does not exists in rootfs',
51 )
44 assert (
45 self.getjson(url='/?path=' + self.temp_dir)['body']['FileExists']
46 == False
47 ), 'temp_dir does not exists in rootfs'
52
48
53 self.assertEqual(
54 self.getjson(url='/?path=/proc/self')['body']['FileExists'],
55 False,
56 'no /proc/self',
57 )
49 assert (
50 self.getjson(url='/?path=/proc/self')['body']['FileExists']
51 == False
52 ), 'no /proc/self'
58
53
59 self.assertEqual(
60 self.getjson(url='/?path=/dev/pts')['body']['FileExists'],
61 False,
62 'no /dev/pts',
63 )
54 assert (
55 self.getjson(url='/?path=/dev/pts')['body']['FileExists'] == False
56 ), 'no /dev/pts'
64
57
65 self.assertEqual(
66 self.getjson(url='/?path=/sys/kernel')['body']['FileExists'],
67 False,
68 'no /sys/kernel',
69 )
58 assert (
59 self.getjson(url='/?path=/sys/kernel')['body']['FileExists']
60 == False
61 ), 'no /sys/kernel'
70
71 ret = self.getjson(url='/?path=/app/python/ns_inspect')
72
62
63 ret = self.getjson(url='/?path=/app/python/ns_inspect')
64
73 self.assertEqual(
74 ret['body']['FileExists'], True, 'application exists in rootfs',
75 )
76
77
78if __name__ == '__main__':
79 TestPythonIsolation.main()
65 assert (
66 ret['body']['FileExists'] == True
67 ), 'application exists in rootfs'