xref: /unit/test/test_ruby_isolation.py (revision 1654)
1*1654Szelenkov@nginx.comimport shutil
21635Szelenkov@nginx.com
31596Szelenkov@nginx.comimport pytest
41490St.nateldemoura@f5.com
51635Szelenkov@nginx.comfrom conftest import option
6*1654Szelenkov@nginx.comfrom conftest import unit_run
7*1654Szelenkov@nginx.comfrom conftest import unit_stop
81490St.nateldemoura@f5.comfrom unit.applications.lang.ruby import TestApplicationRuby
91490St.nateldemoura@f5.comfrom unit.feature.isolation import TestFeatureIsolation
101490St.nateldemoura@f5.com
111490St.nateldemoura@f5.com
121490St.nateldemoura@f5.comclass TestRubyIsolation(TestApplicationRuby):
131490St.nateldemoura@f5.com    prerequisites = {'modules': {'ruby': 'any'}, 'features': ['isolation']}
141490St.nateldemoura@f5.com
151490St.nateldemoura@f5.com    @classmethod
161596Szelenkov@nginx.com    def setup_class(cls, complete_check=True):
17*1654Szelenkov@nginx.com        check = super().setup_class(complete_check=False)
18*1654Szelenkov@nginx.com
19*1654Szelenkov@nginx.com        unit = unit_run()
20*1654Szelenkov@nginx.com        option.temp_dir = unit['temp_dir']
211490St.nateldemoura@f5.com
22*1654Szelenkov@nginx.com        TestFeatureIsolation().check(option.available, unit['temp_dir'])
231490St.nateldemoura@f5.com
24*1654Szelenkov@nginx.com        assert unit_stop() is None
25*1654Szelenkov@nginx.com        shutil.rmtree(unit['temp_dir'])
26*1654Szelenkov@nginx.com
27*1654Szelenkov@nginx.com        return check if not complete_check else check()
281490St.nateldemoura@f5.com
291596Szelenkov@nginx.com    def test_ruby_isolation_rootfs(self, is_su):
30*1654Szelenkov@nginx.com        isolation_features = option.available['features']['isolation'].keys()
311490St.nateldemoura@f5.com
321490St.nateldemoura@f5.com        if 'mnt' not in isolation_features:
331596Szelenkov@nginx.com            pytest.skip('requires mnt ns')
341490St.nateldemoura@f5.com
351596Szelenkov@nginx.com        if not is_su:
361490St.nateldemoura@f5.com            if 'user' not in isolation_features:
371596Szelenkov@nginx.com                pytest.skip('requires unprivileged userns or root')
381490St.nateldemoura@f5.com
391490St.nateldemoura@f5.com            if not 'unprivileged_userns_clone' in isolation_features:
401596Szelenkov@nginx.com                pytest.skip('requires unprivileged userns or root')
411490St.nateldemoura@f5.com
421490St.nateldemoura@f5.com        isolation = {
431596Szelenkov@nginx.com            'namespaces': {'credential': not is_su, 'mount': True},
441632Szelenkov@nginx.com            'rootfs': option.test_dir,
451490St.nateldemoura@f5.com        }
461490St.nateldemoura@f5.com
471490St.nateldemoura@f5.com        self.load('status_int', isolation=isolation)
481490St.nateldemoura@f5.com
491596Szelenkov@nginx.com        assert 'success' in self.conf(
501596Szelenkov@nginx.com            '"/ruby/status_int/config.ru"', 'applications/status_int/script',
511490St.nateldemoura@f5.com        )
521490St.nateldemoura@f5.com
531596Szelenkov@nginx.com        assert 'success' in self.conf(
541596Szelenkov@nginx.com            '"/ruby/status_int"', 'applications/status_int/working_directory',
551490St.nateldemoura@f5.com        )
561490St.nateldemoura@f5.com
571596Szelenkov@nginx.com        assert self.get()['status'] == 200, 'status int'
58