1*1654Szelenkov@nginx.comimport shutil 21635Szelenkov@nginx.com 31596Szelenkov@nginx.comimport pytest 41490St.nateldemoura@f5.com 51635Szelenkov@nginx.comfrom conftest import option 6*1654Szelenkov@nginx.comfrom conftest import unit_run 7*1654Szelenkov@nginx.comfrom conftest import unit_stop 81490St.nateldemoura@f5.comfrom unit.applications.lang.ruby import TestApplicationRuby 91490St.nateldemoura@f5.comfrom unit.feature.isolation import TestFeatureIsolation 101490St.nateldemoura@f5.com 111490St.nateldemoura@f5.com 121490St.nateldemoura@f5.comclass TestRubyIsolation(TestApplicationRuby): 131490St.nateldemoura@f5.com prerequisites = {'modules': {'ruby': 'any'}, 'features': ['isolation']} 141490St.nateldemoura@f5.com 151490St.nateldemoura@f5.com @classmethod 161596Szelenkov@nginx.com def setup_class(cls, complete_check=True): 17*1654Szelenkov@nginx.com check = super().setup_class(complete_check=False) 18*1654Szelenkov@nginx.com 19*1654Szelenkov@nginx.com unit = unit_run() 20*1654Szelenkov@nginx.com option.temp_dir = unit['temp_dir'] 211490St.nateldemoura@f5.com 22*1654Szelenkov@nginx.com TestFeatureIsolation().check(option.available, unit['temp_dir']) 231490St.nateldemoura@f5.com 24*1654Szelenkov@nginx.com assert unit_stop() is None 25*1654Szelenkov@nginx.com shutil.rmtree(unit['temp_dir']) 26*1654Szelenkov@nginx.com 27*1654Szelenkov@nginx.com return check if not complete_check else check() 281490St.nateldemoura@f5.com 291596Szelenkov@nginx.com def test_ruby_isolation_rootfs(self, is_su): 30*1654Szelenkov@nginx.com isolation_features = option.available['features']['isolation'].keys() 311490St.nateldemoura@f5.com 321490St.nateldemoura@f5.com if 'mnt' not in isolation_features: 331596Szelenkov@nginx.com pytest.skip('requires mnt ns') 341490St.nateldemoura@f5.com 351596Szelenkov@nginx.com if not is_su: 361490St.nateldemoura@f5.com if 'user' not in isolation_features: 371596Szelenkov@nginx.com pytest.skip('requires unprivileged userns or root') 381490St.nateldemoura@f5.com 391490St.nateldemoura@f5.com if not 'unprivileged_userns_clone' in isolation_features: 401596Szelenkov@nginx.com pytest.skip('requires unprivileged userns or root') 411490St.nateldemoura@f5.com 421490St.nateldemoura@f5.com isolation = { 431596Szelenkov@nginx.com 'namespaces': {'credential': not is_su, 'mount': True}, 441632Szelenkov@nginx.com 'rootfs': option.test_dir, 451490St.nateldemoura@f5.com } 461490St.nateldemoura@f5.com 471490St.nateldemoura@f5.com self.load('status_int', isolation=isolation) 481490St.nateldemoura@f5.com 491596Szelenkov@nginx.com assert 'success' in self.conf( 501596Szelenkov@nginx.com '"/ruby/status_int/config.ru"', 'applications/status_int/script', 511490St.nateldemoura@f5.com ) 521490St.nateldemoura@f5.com 531596Szelenkov@nginx.com assert 'success' in self.conf( 541596Szelenkov@nginx.com '"/ruby/status_int"', 'applications/status_int/working_directory', 551490St.nateldemoura@f5.com ) 561490St.nateldemoura@f5.com 571596Szelenkov@nginx.com assert self.get()['status'] == 200, 'status int' 58