Deleted
Added
test_python_isolation.py (1654:fc7d0578e124) | test_python_isolation.py (1673:883f2f79c2f6) |
---|---|
1import shutil 2 3import pytest 4 5from conftest import option 6from conftest import unit_run 7from conftest import unit_stop 8from unit.applications.lang.python import TestApplicationPython --- 15 unchanged lines hidden (view full) --- 24 assert unit_stop() is None 25 shutil.rmtree(unit['temp_dir']) 26 27 return check if not complete_check else check() 28 29 def test_python_isolation_rootfs(self, is_su, temp_dir): 30 isolation_features = option.available['features']['isolation'].keys() 31 | 1import shutil 2 3import pytest 4 5from conftest import option 6from conftest import unit_run 7from conftest import unit_stop 8from unit.applications.lang.python import TestApplicationPython --- 15 unchanged lines hidden (view full) --- 24 assert unit_stop() is None 25 shutil.rmtree(unit['temp_dir']) 26 27 return check if not complete_check else check() 28 29 def test_python_isolation_rootfs(self, is_su, temp_dir): 30 isolation_features = option.available['features']['isolation'].keys() 31 |
32 if 'mnt' not in isolation_features: 33 pytest.skip('requires mnt ns') 34 | |
35 if not is_su: | 32 if not is_su: |
36 if 'user' not in isolation_features: 37 pytest.skip('requires unprivileged userns or root') 38 | |
39 if not 'unprivileged_userns_clone' in isolation_features: 40 pytest.skip('requires unprivileged userns or root') 41 | 33 if not 'unprivileged_userns_clone' in isolation_features: 34 pytest.skip('requires unprivileged userns or root') 35 |
42 isolation = { 43 'namespaces': {'credential': not is_su, 'mount': True}, 44 'rootfs': temp_dir, 45 } | 36 if 'user' not in isolation_features: 37 pytest.skip('user namespace is not supported') |
46 | 38 |
47 self.load('empty', isolation=isolation) | 39 if 'mnt' not in isolation_features: 40 pytest.skip('mnt namespace is not supported') |
48 | 41 |
49 assert self.get()['status'] == 200, 'python rootfs' | 42 if 'pid' not in isolation_features: 43 pytest.skip('pid namespace is not supported') |
50 | 44 |
45 isolation = {'rootfs': temp_dir} 46 47 if not is_su: 48 isolation['namespaces'] = { 49 'mount': True, 50 'credential': True, 51 'pid': True 52 } 53 |
|
51 self.load('ns_inspect', isolation=isolation) 52 53 assert ( 54 self.getjson(url='/?path=' + temp_dir)['body']['FileExists'] 55 == False 56 ), 'temp_dir does not exists in rootfs' 57 58 assert ( 59 self.getjson(url='/?path=/proc/self')['body']['FileExists'] | 54 self.load('ns_inspect', isolation=isolation) 55 56 assert ( 57 self.getjson(url='/?path=' + temp_dir)['body']['FileExists'] 58 == False 59 ), 'temp_dir does not exists in rootfs' 60 61 assert ( 62 self.getjson(url='/?path=/proc/self')['body']['FileExists'] |
60 == False | 63 == True |
61 ), 'no /proc/self' 62 63 assert ( 64 self.getjson(url='/?path=/dev/pts')['body']['FileExists'] == False 65 ), 'no /dev/pts' 66 67 assert ( 68 self.getjson(url='/?path=/sys/kernel')['body']['FileExists'] --- 4 unchanged lines hidden (view full) --- 73 74 assert ( 75 ret['body']['FileExists'] == True 76 ), 'application exists in rootfs' 77 78 def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir): 79 isolation_features = option.available['features']['isolation'].keys() 80 | 64 ), 'no /proc/self' 65 66 assert ( 67 self.getjson(url='/?path=/dev/pts')['body']['FileExists'] == False 68 ), 'no /dev/pts' 69 70 assert ( 71 self.getjson(url='/?path=/sys/kernel')['body']['FileExists'] --- 4 unchanged lines hidden (view full) --- 76 77 assert ( 78 ret['body']['FileExists'] == True 79 ), 'application exists in rootfs' 80 81 def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir): 82 isolation_features = option.available['features']['isolation'].keys() 83 |
81 if 'mnt' not in isolation_features: 82 pytest.skip('requires mnt ns') 83 | |
84 if not is_su: | 84 if not is_su: |
85 if 'user' not in isolation_features: 86 pytest.skip('requires unprivileged userns or root') 87 | |
88 if not 'unprivileged_userns_clone' in isolation_features: 89 pytest.skip('requires unprivileged userns or root') 90 | 85 if not 'unprivileged_userns_clone' in isolation_features: 86 pytest.skip('requires unprivileged userns or root') 87 |
88 if 'user' not in isolation_features: 89 pytest.skip('user namespace is not supported') 90 91 if 'mnt' not in isolation_features: 92 pytest.skip('mnt namespace is not supported') 93 94 if 'pid' not in isolation_features: 95 pytest.skip('pid namespace is not supported') 96 |
|
91 isolation = { | 97 isolation = { |
92 'namespaces': {'credential': not is_su, 'mount': True}, | |
93 'rootfs': temp_dir, 94 'automount': {'language_deps': False} 95 } 96 | 98 'rootfs': temp_dir, 99 'automount': {'language_deps': False} 100 } 101 |
102 if not is_su: 103 isolation['namespaces'] = { 104 'mount': True, 105 'credential': True, 106 'pid': True 107 } 108 |
|
97 self.load('empty', isolation=isolation) 98 99 assert (self.get()['status'] != 200), 'disabled language_deps' 100 101 isolation['automount']['language_deps'] = True 102 103 self.load('empty', isolation=isolation) 104 105 assert (self.get()['status'] == 200), 'enabled language_deps' | 109 self.load('empty', isolation=isolation) 110 111 assert (self.get()['status'] != 200), 'disabled language_deps' 112 113 isolation['automount']['language_deps'] = True 114 115 self.load('empty', isolation=isolation) 116 117 assert (self.get()['status'] == 200), 'enabled language_deps' |