xref: /unit/test/test_python_isolation.py (revision 1771:94cf6c5fafbd)
2import pytest
3from unit.applications.lang.python import TestApplicationPython
4from unit.option import option
5
6
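class TestPythonIsolation(TestApplicationPython):
    """Filesystem isolation tests for Python applications.

    Both tests confine the application to ``temp_dir`` through the
    ``rootfs`` isolation option and then probe what the application can
    still see or do from inside that root.
    """

    prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']}

    def _rootfs_isolation(self, is_su, temp_dir):
        """Return the ``isolation`` object that roots the app at *temp_dir*.

        Without root privileges the mount, credential and pid namespaces
        are requested too, and the calling test is skipped when the host
        lacks unprivileged user namespaces or any of the 'user', 'mnt' or
        'pid' isolation features.

        When running as root only ``rootfs`` is set, so in that mode these
        tests exercise the root change alone and not its combination with
        namespaces.
        """
        isolation = {'rootfs': temp_dir}

        if is_su:
            return isolation

        isolation_features = option.available['features']['isolation'].keys()

        if 'unprivileged_userns_clone' not in isolation_features:
            pytest.skip('requires unprivileged userns or root')

        for ns in ('user', 'mnt', 'pid'):
            if ns not in isolation_features:
                pytest.skip(ns + ' namespace is not supported')

        isolation['namespaces'] = {
            'mount': True,
            'credential': True,
            'pid': True
        }

        return isolation

    def _exists_in_app(self, path):
        """Ask the loaded application whether *path* exists from its view."""
        return self.getjson(url='/?path=' + path)['body']['FileExists']

    def test_python_isolation_rootfs(self, is_su, temp_dir):
        """Check which paths are visible to an app rooted at ``temp_dir``."""
        self.load('ns_inspect', isolation=self._rootfs_isolation(is_su, temp_dir))

        # The host-side path of the new root must not resolve inside it;
        # if it did, the application would still be looking at the host tree.
        assert (
            self._exists_in_app(temp_dir) == False
        ), 'temp_dir does not exists in rootfs'

        # procfs is expected inside the new root.
        # NOTE(review): presumably mounted by the server itself - confirm.
        assert self._exists_in_app('/proc/self') == True, 'no /proc/self'

        # Host pseudo-terminal and sysfs trees must not be exposed.
        assert self._exists_in_app('/dev/pts') == False, 'no /dev/pts'
        assert self._exists_in_app('/sys/kernel') == False, 'no /sys/kernel'

        # The application's own directory has to be reachable from inside.
        assert (
            self._exists_in_app('/app/python/ns_inspect') == True
        ), 'application exists in rootfs'

    def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir):
        """Check that the ``language_deps`` automount toggles app startup."""
        isolation = self._rootfs_isolation(is_su, temp_dir)
        isolation['automount'] = {'language_deps': False}

        self.load('empty', isolation=isolation)

        # NOTE(review): any non-200 status passes here, so a failure that is
        # unrelated to the missing language dependencies is not told apart.
        assert self.get()['status'] != 200, 'disabled language_deps'

        isolation['automount']['language_deps'] = True

        self.load('empty', isolation=isolation)

        assert self.get()['status'] == 200, 'enabled language_deps'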