xref: /unit/test/test_ruby_isolation.py (revision 1673:883f2f79c2f6)
1import shutil
2
3import pytest
4
5from conftest import option
6from conftest import unit_run
7from conftest import unit_stop
8from unit.applications.lang.ruby import TestApplicationRuby
9from unit.feature.isolation import TestFeatureIsolation
10
11
12class TestRubyIsolation(TestApplicationRuby):
13    prerequisites = {'modules': {'ruby': 'any'}, 'features': ['isolation']}
14
15    @classmethod
16    def setup_class(cls, complete_check=True):
17        check = super().setup_class(complete_check=False)
18
19        unit = unit_run()
20        option.temp_dir = unit['temp_dir']
21
22        TestFeatureIsolation().check(option.available, unit['temp_dir'])
23
24        assert unit_stop() is None
25        shutil.rmtree(unit['temp_dir'])
26
27        return check if not complete_check else check()
28
29    def test_ruby_isolation_rootfs_mount_namespace(self, is_su):
30        isolation_features = option.available['features']['isolation'].keys()
31
32        if not is_su:
33            if not 'unprivileged_userns_clone' in isolation_features:
34                pytest.skip('requires unprivileged userns or root')
35
36            if 'user' not in isolation_features:
37                pytest.skip('user namespace is not supported')
38
39            if 'mnt' not in isolation_features:
40                pytest.skip('mnt namespace is not supported')
41
42            if 'pid' not in isolation_features:
43                pytest.skip('pid namespace is not supported')
44
45        isolation = {'rootfs': option.test_dir}
46
47        if not is_su:
48            isolation['namespaces'] = {
49                'mount': True,
50                'credential': True,
51                'pid': True
52            }
53
54        self.load('status_int', isolation=isolation)
55
56        assert 'success' in self.conf(
57            '"/ruby/status_int/config.ru"', 'applications/status_int/script',
58        )
59
60        assert 'success' in self.conf(
61            '"/ruby/status_int"', 'applications/status_int/working_directory',
62        )
63
64        assert self.get()['status'] == 200, 'status int'
65
66    def test_ruby_isolation_rootfs(self, is_su):
67        if not is_su:
68            pytest.skip('requires root')
69            return
70
71        isolation = {'rootfs': option.test_dir}
72
73        self.load('status_int', isolation=isolation)
74
75        assert 'success' in self.conf(
76            '"/ruby/status_int/config.ru"', 'applications/status_int/script',
77        )
78
79        assert 'success' in self.conf(
80            '"/ruby/status_int"', 'applications/status_int/working_directory',
81        )
82
83        assert self.get()['status'] == 200, 'status int'
84