Deleted
Added
| test_python_isolation.py (1635:97afbb6c5a15) | test_python_isolation.py (1654:fc7d0578e124) |
|---|---|
| 1import shutil 2 |
|
| 1import pytest 2 | 3import pytest 4 |
| 5from conftest import option 6from conftest import unit_run 7from conftest import unit_stop |
|
| 3from unit.applications.lang.python import TestApplicationPython 4from unit.feature.isolation import TestFeatureIsolation 5 6 7class TestPythonIsolation(TestApplicationPython): 8 prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']} 9 | 8from unit.applications.lang.python import TestApplicationPython 9from unit.feature.isolation import TestFeatureIsolation 10 11 12class TestPythonIsolation(TestApplicationPython): 13 prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']} 14 |
| 10 isolation = TestFeatureIsolation() 11 | |
| 12 @classmethod 13 def setup_class(cls, complete_check=True): | 15 @classmethod 16 def setup_class(cls, complete_check=True): |
| 14 unit = super().setup_class(complete_check=False) | 17 check = super().setup_class(complete_check=False) |
| 15 | 18 |
| 16 TestFeatureIsolation().check(cls.available, unit.temp_dir) | 19 unit = unit_run() 20 option.temp_dir = unit['temp_dir'] |
| 17 | 21 |
| 18 return unit if not complete_check else unit.complete() | 22 TestFeatureIsolation().check(option.available, unit['temp_dir']) |
| 19 | 23 |
| 20 def test_python_isolation_rootfs(self, is_su): 21 isolation_features = self.available['features']['isolation'].keys() | 24 assert unit_stop() is None 25 shutil.rmtree(unit['temp_dir']) |
| 22 | 26 |
| 27 return check if not complete_check else check() 28 29 def test_python_isolation_rootfs(self, is_su, temp_dir): 30 isolation_features = option.available['features']['isolation'].keys() 31 |
|
| 23 if 'mnt' not in isolation_features: 24 pytest.skip('requires mnt ns') 25 26 if not is_su: 27 if 'user' not in isolation_features: 28 pytest.skip('requires unprivileged userns or root') 29 30 if not 'unprivileged_userns_clone' in isolation_features: 31 pytest.skip('requires unprivileged userns or root') 32 33 isolation = { 34 'namespaces': {'credential': not is_su, 'mount': True}, | 32 if 'mnt' not in isolation_features: 33 pytest.skip('requires mnt ns') 34 35 if not is_su: 36 if 'user' not in isolation_features: 37 pytest.skip('requires unprivileged userns or root') 38 39 if not 'unprivileged_userns_clone' in isolation_features: 40 pytest.skip('requires unprivileged userns or root') 41 42 isolation = { 43 'namespaces': {'credential': not is_su, 'mount': True}, |
| 35 'rootfs': self.temp_dir, | 44 'rootfs': temp_dir, |
| 36 } 37 38 self.load('empty', isolation=isolation) 39 40 assert self.get()['status'] == 200, 'python rootfs' 41 42 self.load('ns_inspect', isolation=isolation) 43 44 assert ( | 45 } 46 47 self.load('empty', isolation=isolation) 48 49 assert self.get()['status'] == 200, 'python rootfs' 50 51 self.load('ns_inspect', isolation=isolation) 52 53 assert ( |
| 45 self.getjson(url='/?path=' + self.temp_dir)['body']['FileExists'] | 54 self.getjson(url='/?path=' + temp_dir)['body']['FileExists'] |
| 46 == False 47 ), 'temp_dir does not exists in rootfs' 48 49 assert ( 50 self.getjson(url='/?path=/proc/self')['body']['FileExists'] 51 == False 52 ), 'no /proc/self' 53 --- 7 unchanged lines hidden (view full) --- 61 ), 'no /sys/kernel' 62 63 ret = self.getjson(url='/?path=/app/python/ns_inspect') 64 65 assert ( 66 ret['body']['FileExists'] == True 67 ), 'application exists in rootfs' 68 | 55 == False 56 ), 'temp_dir does not exists in rootfs' 57 58 assert ( 59 self.getjson(url='/?path=/proc/self')['body']['FileExists'] 60 == False 61 ), 'no /proc/self' 62 --- 7 unchanged lines hidden (view full) --- 70 ), 'no /sys/kernel' 71 72 ret = self.getjson(url='/?path=/app/python/ns_inspect') 73 74 assert ( 75 ret['body']['FileExists'] == True 76 ), 'application exists in rootfs' 77 |
| 69 def test_python_isolation_rootfs_no_language_deps(self, is_su): 70 isolation_features = self.available['features']['isolation'].keys() | 78 def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir): 79 isolation_features = option.available['features']['isolation'].keys() |
| 71 72 if 'mnt' not in isolation_features: 73 pytest.skip('requires mnt ns') 74 75 if not is_su: 76 if 'user' not in isolation_features: 77 pytest.skip('requires unprivileged userns or root') 78 79 if not 'unprivileged_userns_clone' in isolation_features: 80 pytest.skip('requires unprivileged userns or root') 81 82 isolation = { 83 'namespaces': {'credential': not is_su, 'mount': True}, | 80 81 if 'mnt' not in isolation_features: 82 pytest.skip('requires mnt ns') 83 84 if not is_su: 85 if 'user' not in isolation_features: 86 pytest.skip('requires unprivileged userns or root') 87 88 if not 'unprivileged_userns_clone' in isolation_features: 89 pytest.skip('requires unprivileged userns or root') 90 91 isolation = { 92 'namespaces': {'credential': not is_su, 'mount': True}, |
| 84 'rootfs': self.temp_dir, | 93 'rootfs': temp_dir, |
| 85 'automount': {'language_deps': False} 86 } 87 88 self.load('empty', isolation=isolation) 89 90 assert (self.get()['status'] != 200), 'disabled language_deps' 91 92 isolation['automount']['language_deps'] = True 93 94 self.load('empty', isolation=isolation) 95 96 assert (self.get()['status'] == 200), 'enabled language_deps' | 94 'automount': {'language_deps': False} 95 } 96 97 self.load('empty', isolation=isolation) 98 99 assert (self.get()['status'] != 200), 'disabled language_deps' 100 101 isolation['automount']['language_deps'] = True 102 103 self.load('empty', isolation=isolation) 104 105 assert (self.get()['status'] == 200), 'enabled language_deps' |