1import unittest 2 3from unit.applications.lang.python import TestApplicationPython 4from unit.feature.isolation import TestFeatureIsolation 5 6 7class TestPythonIsolation(TestApplicationPython): 8 prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']} 9 10 isolation = TestFeatureIsolation() 11 12 @classmethod 13 def setUpClass(cls, complete_check=True): 14 unit = super().setUpClass(complete_check=False) 15 16 TestFeatureIsolation().check(cls.available, unit.testdir) 17 18 return unit if not complete_check else unit.complete() 19 20 def test_python_isolation_rootfs(self): 21 isolation_features = self.available['features']['isolation'].keys() 22 23 if 'mnt' not in isolation_features: 24 print('requires mnt ns') 25 raise unittest.SkipTest() 26 27 if not self.is_su: 28 if 'user' not in isolation_features: 29 print('requires unprivileged userns or root') 30 raise unittest.SkipTest() 31 32 if not 'unprivileged_userns_clone' in isolation_features: 33 print('requires unprivileged userns or root') 34 raise unittest.SkipTest() 35 36 isolation = { 37 'namespaces': {'credential': not self.is_su, 'mount': True}, 38 'rootfs': self.testdir, 39 } 40 41 self.load('empty', isolation=isolation) 42 43 self.assertEqual(self.get()['status'], 200, 'python rootfs') 44 45 self.load('ns_inspect', isolation=isolation) 46 47 self.assertEqual( 48 self.getjson(url='/?path=' + self.testdir)['body']['FileExists'], 49 False, 50 'testdir does not exists in rootfs', 51 ) 52 53 self.assertEqual( 54 self.getjson(url='/?path=/proc/self')['body']['FileExists'], 55 False, 56 'no /proc/self', 57 ) 58 59 self.assertEqual( 60 self.getjson(url='/?path=/dev/pts')['body']['FileExists'], 61 False, 62 'no /dev/pts', 63 ) 64 65 self.assertEqual( 66 self.getjson(url='/?path=/sys/kernel')['body']['FileExists'], 67 False, 68 'no /sys/kernel', 69 ) 70 71 ret = self.getjson(url='/?path=/app/python/ns_inspect') 72 73 self.assertEqual( 74 ret['body']['FileExists'], True, 'application exists in rootfs', 75 ) 76 77 78if __name__ == '__main__': 79 TestPythonIsolation.main() 80