1*1490St.nateldemoura@f5.comimport unittest 2*1490St.nateldemoura@f5.com 3*1490St.nateldemoura@f5.comfrom unit.applications.lang.python import TestApplicationPython 4*1490St.nateldemoura@f5.comfrom unit.feature.isolation import TestFeatureIsolation 5*1490St.nateldemoura@f5.com 6*1490St.nateldemoura@f5.com 7*1490St.nateldemoura@f5.comclass TestPythonIsolation(TestApplicationPython): 8*1490St.nateldemoura@f5.com prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']} 9*1490St.nateldemoura@f5.com 10*1490St.nateldemoura@f5.com isolation = TestFeatureIsolation() 11*1490St.nateldemoura@f5.com 12*1490St.nateldemoura@f5.com @classmethod 13*1490St.nateldemoura@f5.com def setUpClass(cls, complete_check=True): 14*1490St.nateldemoura@f5.com unit = super().setUpClass(complete_check=False) 15*1490St.nateldemoura@f5.com 16*1490St.nateldemoura@f5.com TestFeatureIsolation().check(cls.available, unit.testdir) 17*1490St.nateldemoura@f5.com 18*1490St.nateldemoura@f5.com return unit if not complete_check else unit.complete() 19*1490St.nateldemoura@f5.com 20*1490St.nateldemoura@f5.com def test_python_isolation_rootfs(self): 21*1490St.nateldemoura@f5.com isolation_features = self.available['features']['isolation'].keys() 22*1490St.nateldemoura@f5.com 23*1490St.nateldemoura@f5.com if 'mnt' not in isolation_features: 24*1490St.nateldemoura@f5.com print('requires mnt ns') 25*1490St.nateldemoura@f5.com raise unittest.SkipTest() 26*1490St.nateldemoura@f5.com 27*1490St.nateldemoura@f5.com if not self.is_su: 28*1490St.nateldemoura@f5.com if 'user' not in isolation_features: 29*1490St.nateldemoura@f5.com print('requires unprivileged userns or root') 30*1490St.nateldemoura@f5.com raise unittest.SkipTest() 31*1490St.nateldemoura@f5.com 32*1490St.nateldemoura@f5.com if not 'unprivileged_userns_clone' in isolation_features: 33*1490St.nateldemoura@f5.com print('requires unprivileged userns or root') 34*1490St.nateldemoura@f5.com raise unittest.SkipTest() 35*1490St.nateldemoura@f5.com 36*1490St.nateldemoura@f5.com isolation = { 37*1490St.nateldemoura@f5.com 'namespaces': {'credential': not self.is_su, 'mount': True}, 38*1490St.nateldemoura@f5.com 'rootfs': self.testdir, 39*1490St.nateldemoura@f5.com } 40*1490St.nateldemoura@f5.com 41*1490St.nateldemoura@f5.com self.load('empty', isolation=isolation) 42*1490St.nateldemoura@f5.com 43*1490St.nateldemoura@f5.com self.assertEqual(self.get()['status'], 200, 'python rootfs') 44*1490St.nateldemoura@f5.com 45*1490St.nateldemoura@f5.com self.load('ns_inspect', isolation=isolation) 46*1490St.nateldemoura@f5.com 47*1490St.nateldemoura@f5.com self.assertEqual( 48*1490St.nateldemoura@f5.com self.getjson(url='/?path=' + self.testdir)['body']['FileExists'], 49*1490St.nateldemoura@f5.com False, 50*1490St.nateldemoura@f5.com 'testdir does not exists in rootfs', 51*1490St.nateldemoura@f5.com ) 52*1490St.nateldemoura@f5.com 53*1490St.nateldemoura@f5.com self.assertEqual( 54*1490St.nateldemoura@f5.com self.getjson(url='/?path=/proc/self')['body']['FileExists'], 55*1490St.nateldemoura@f5.com False, 56*1490St.nateldemoura@f5.com 'no /proc/self', 57*1490St.nateldemoura@f5.com ) 58*1490St.nateldemoura@f5.com 59*1490St.nateldemoura@f5.com self.assertEqual( 60*1490St.nateldemoura@f5.com self.getjson(url='/?path=/dev/pts')['body']['FileExists'], 61*1490St.nateldemoura@f5.com False, 62*1490St.nateldemoura@f5.com 'no /dev/pts', 63*1490St.nateldemoura@f5.com ) 64*1490St.nateldemoura@f5.com 65*1490St.nateldemoura@f5.com self.assertEqual( 66*1490St.nateldemoura@f5.com self.getjson(url='/?path=/sys/kernel')['body']['FileExists'], 67*1490St.nateldemoura@f5.com False, 68*1490St.nateldemoura@f5.com 'no /sys/kernel', 69*1490St.nateldemoura@f5.com ) 70*1490St.nateldemoura@f5.com 71*1490St.nateldemoura@f5.com ret = self.getjson(url='/?path=/app/python/ns_inspect') 72*1490St.nateldemoura@f5.com 73*1490St.nateldemoura@f5.com self.assertEqual( 74*1490St.nateldemoura@f5.com ret['body']['FileExists'], True, 'application exists in rootfs', 75*1490St.nateldemoura@f5.com ) 76*1490St.nateldemoura@f5.com 77*1490St.nateldemoura@f5.com 78*1490St.nateldemoura@f5.comif __name__ == '__main__': 79*1490St.nateldemoura@f5.com TestPythonIsolation.main() 80