xref: /unit/test/test_python_isolation.py (revision 1490:cecf6b11a1e3)
1import unittest
2
3from unit.applications.lang.python import TestApplicationPython
4from unit.feature.isolation import TestFeatureIsolation
5
6
7class TestPythonIsolation(TestApplicationPython):
8    prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']}
9
10    isolation = TestFeatureIsolation()
11
12    @classmethod
13    def setUpClass(cls, complete_check=True):
14        unit = super().setUpClass(complete_check=False)
15
16        TestFeatureIsolation().check(cls.available, unit.testdir)
17
18        return unit if not complete_check else unit.complete()
19
20    def test_python_isolation_rootfs(self):
21        isolation_features = self.available['features']['isolation'].keys()
22
23        if 'mnt' not in isolation_features:
24            print('requires mnt ns')
25            raise unittest.SkipTest()
26
27        if not self.is_su:
28            if 'user' not in isolation_features:
29                print('requires unprivileged userns or root')
30                raise unittest.SkipTest()
31
32            if not 'unprivileged_userns_clone' in isolation_features:
33                print('requires unprivileged userns or root')
34                raise unittest.SkipTest()
35
36        isolation = {
37            'namespaces': {'credential': not self.is_su, 'mount': True},
38            'rootfs': self.testdir,
39        }
40
41        self.load('empty', isolation=isolation)
42
43        self.assertEqual(self.get()['status'], 200, 'python rootfs')
44
45        self.load('ns_inspect', isolation=isolation)
46
47        self.assertEqual(
48            self.getjson(url='/?path=' + self.testdir)['body']['FileExists'],
49            False,
50            'testdir does not exists in rootfs',
51        )
52
53        self.assertEqual(
54            self.getjson(url='/?path=/proc/self')['body']['FileExists'],
55            False,
56            'no /proc/self',
57        )
58
59        self.assertEqual(
60            self.getjson(url='/?path=/dev/pts')['body']['FileExists'],
61            False,
62            'no /dev/pts',
63        )
64
65        self.assertEqual(
66            self.getjson(url='/?path=/sys/kernel')['body']['FileExists'],
67            False,
68            'no /sys/kernel',
69        )
70
71        ret = self.getjson(url='/?path=/app/python/ns_inspect')
72
73        self.assertEqual(
74            ret['body']['FileExists'], True, 'application exists in rootfs',
75        )
76
77
78if __name__ == '__main__':
79    TestPythonIsolation.main()
80