xref: /unit/test/test_ruby_isolation.py (revision 2073:bc6ad31ce286)
11596Szelenkov@nginx.comimport pytest
21490St.nateldemoura@f5.comfrom unit.applications.lang.ruby import TestApplicationRuby
31730Szelenkov@nginx.comfrom unit.option import option
41490St.nateldemoura@f5.com
51490St.nateldemoura@f5.com
61490St.nateldemoura@f5.comclass TestRubyIsolation(TestApplicationRuby):
71490St.nateldemoura@f5.com    prerequisites = {'modules': {'ruby': 'any'}, 'features': ['isolation']}
81490St.nateldemoura@f5.com
91737St.nateldemoura@f5.com    def test_ruby_isolation_rootfs(self, is_su):
101654Szelenkov@nginx.com        isolation_features = option.available['features']['isolation'].keys()
111490St.nateldemoura@f5.com
121596Szelenkov@nginx.com        if not is_su:
131490St.nateldemoura@f5.com            if not 'unprivileged_userns_clone' in isolation_features:
141596Szelenkov@nginx.com                pytest.skip('requires unprivileged userns or root')
151490St.nateldemoura@f5.com
161673St.nateldemoura@f5.com            if 'user' not in isolation_features:
171673St.nateldemoura@f5.com                pytest.skip('user namespace is not supported')
181673St.nateldemoura@f5.com
191673St.nateldemoura@f5.com            if 'mnt' not in isolation_features:
201673St.nateldemoura@f5.com                pytest.skip('mnt namespace is not supported')
211673St.nateldemoura@f5.com
221673St.nateldemoura@f5.com            if 'pid' not in isolation_features:
231673St.nateldemoura@f5.com                pytest.skip('pid namespace is not supported')
241673St.nateldemoura@f5.com
251737St.nateldemoura@f5.com        isolation = {'rootfs': option.temp_dir}
261673St.nateldemoura@f5.com
271673St.nateldemoura@f5.com        if not is_su:
281673St.nateldemoura@f5.com            isolation['namespaces'] = {
291673St.nateldemoura@f5.com                'mount': True,
301673St.nateldemoura@f5.com                'credential': True,
311737St.nateldemoura@f5.com                'pid': True,
321673St.nateldemoura@f5.com            }
331490St.nateldemoura@f5.com
341490St.nateldemoura@f5.com        self.load('status_int', isolation=isolation)
351490St.nateldemoura@f5.com
361596Szelenkov@nginx.com        assert 'success' in self.conf(
37*2073Szelenkov@nginx.com            '"/ruby/status_int/config.ru"',
38*2073Szelenkov@nginx.com            'applications/status_int/script',
391490St.nateldemoura@f5.com        )
401490St.nateldemoura@f5.com
411596Szelenkov@nginx.com        assert 'success' in self.conf(
42*2073Szelenkov@nginx.com            '"/ruby/status_int"',
43*2073Szelenkov@nginx.com            'applications/status_int/working_directory',
441490St.nateldemoura@f5.com        )
451490St.nateldemoura@f5.com
461596Szelenkov@nginx.com        assert self.get()['status'] == 200, 'status int'
47