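import json
import os

from unit.applications.lang.go import TestApplicationGo
from unit.applications.lang.java import TestApplicationJava
from unit.applications.lang.node import TestApplicationNode
from unit.applications.lang.ruby import TestApplicationRuby
from unit.http import TestHTTP
from unit.option import option
from unit.utils import getns

# Namespace types recorded next to 'user' once the isolation probe succeeds.
allns = ['pid', 'mnt', 'ipc', 'uts', 'cgroup', 'net']
http = TestHTTP()


def _probe_conf(app_name, app):
    """Wrap *app* in a one-listener Unit config that requests credential isolation.

    Every probe application gets the same two settings: no spare processes and
    ``isolation.namespaces.credential`` enabled (Unit's name for the user
    namespace).
    """
    return {
        # NOTE(review): "*:7080" listens on every interface while the probe
        # config is loaded; confirm the test host is not reachable from
        # untrusted networks, or that the harness resets the config afterwards.
        "listeners": {"*:7080": {"pass": "applications/" + app_name}},
        "applications": {
            app_name: {
                **app,
                "processes": {"spare": 0},
                "isolation": {"namespaces": {"credential": True}},
            }
        },
    }


def _build_probe_conf(modules):
    """Return a probe config for the first available language module.

    Modules are tried in a fixed order (go, python, php, ruby, java, node,
    perl); only the chosen module's ``prepare_env`` is called. Returns ``None``
    when none of them is available.
    """
    if 'go' in modules:
        TestApplicationGo().prepare_env('empty', 'app')
        return _probe_conf(
            'empty',
            {
                "type": "external",
                "working_directory": option.test_dir + "/go/empty",
                "executable": option.temp_dir + "/go/app",
            },
        )

    if 'python' in modules:
        return _probe_conf(
            'empty',
            {
                "type": "python",
                "path": option.test_dir + "/python/empty",
                "working_directory": option.test_dir + "/python/empty",
                "module": "wsgi",
            },
        )

    if 'php' in modules:
        return _probe_conf(
            'phpinfo',
            {
                "type": "php",
                "root": option.test_dir + "/php/phpinfo",
                "working_directory": option.test_dir + "/php/phpinfo",
                "index": "index.php",
            },
        )

    if 'ruby' in modules:
        TestApplicationRuby().prepare_env('empty')
        return _probe_conf(
            'empty',
            {
                "type": "ruby",
                "working_directory": option.temp_dir + "/ruby/empty",
                "script": option.temp_dir + "/ruby/empty/config.ru",
            },
        )

    if 'java' in modules:
        TestApplicationJava().prepare_env('empty')
        return _probe_conf(
            'empty',
            {
                "unit_jars": option.current_dir + "/build",
                "type": "java",
                "working_directory": option.test_dir + "/java/empty/",
                "webapp": option.temp_dir + "/java",
            },
        )

    if 'node' in modules:
        TestApplicationNode().prepare_env('basic')
        return _probe_conf(
            'basic',
            {
                "type": "external",
                "working_directory": option.temp_dir + "/node",
                "executable": "app.js",
            },
        )

    if 'perl' in modules:
        return _probe_conf(
            'body_empty',
            {
                "type": "perl",
                "working_directory": option.test_dir + "/perl/body_empty",
                "script": option.test_dir + "/perl/body_empty/psgi.pl",
            },
        )

    return None


def check_isolation():
    """Detect namespace-isolation support and record it in ``option.available``.

    A minimal application with credential (user namespace) isolation is pushed
    to Unit over the control socket. If Unit accepts it and ``getns('user')``
    returns a value, ``available['features']['isolation']`` is set to a dict
    holding the 'user' namespace value, an optional
    'unprivileged_userns_clone' flag, and one entry per type in ``allns`` for
    which ``getns`` returns a truthy value. On any failed step the function
    returns without touching ``available['features']``.
    """
    available = option.available

    conf = _build_probe_conf(available['modules'])
    if conf is None:
        return

    resp = http.put(
        url='/config',
        sock_type='unix',
        addr=option.temp_dir + '/control.unit.sock',
        body=json.dumps(conf),
    )

    # Only the substring 'success' is checked; any other reply is treated as
    # "isolation not usable" and the feature stays unregistered.
    if 'success' not in resp['body']:
        return

    userns = getns('user')
    if not userns:
        return

    isolation = {'user': userns}
    available['features']['isolation'] = isolation

    # This sysctl is distribution-specific. Its absence does not prove that
    # unprivileged user namespaces are disabled, so the flag is only ever set
    # to True and never to False. Tests that depend on unprivileged creation
    # should not read a missing flag as a hard "no" without another check.
    unp_clone_path = '/proc/sys/kernel/unprivileged_userns_clone'
    try:
        with open(unp_clone_path, 'r') as f:
            if f.read().rstrip() == '1':
                isolation['unprivileged_userns_clone'] = True
    except OSError:
        # Missing or unreadable (e.g. a masked /proc in a container): leave
        # the flag unset instead of aborting feature detection.
        pass

    for ns in allns:
        ns_value = getns(ns)
        if ns_value:
            isolation[ns] = ns_value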