11596Szelenkov@nginx.comimport pytest 2*1848Szelenkov@nginx.com 31490St.nateldemoura@f5.comfrom unit.applications.lang.php import TestApplicationPHP 41730Szelenkov@nginx.comfrom unit.option import option 51490St.nateldemoura@f5.com 61490St.nateldemoura@f5.com 71490St.nateldemoura@f5.comclass TestPHPIsolation(TestApplicationPHP): 81490St.nateldemoura@f5.com prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']} 91490St.nateldemoura@f5.com 101673St.nateldemoura@f5.com def test_php_isolation_rootfs(self, is_su, temp_dir): 111654Szelenkov@nginx.com isolation_features = option.available['features']['isolation'].keys() 121490St.nateldemoura@f5.com 131596Szelenkov@nginx.com if not is_su: 141490St.nateldemoura@f5.com if not 'unprivileged_userns_clone' in isolation_features: 151596Szelenkov@nginx.com pytest.skip('requires unprivileged userns or root') 161490St.nateldemoura@f5.com 171673St.nateldemoura@f5.com if 'user' not in isolation_features: 181673St.nateldemoura@f5.com pytest.skip('user namespace is not supported') 191673St.nateldemoura@f5.com 201673St.nateldemoura@f5.com if 'mnt' not in isolation_features: 211673St.nateldemoura@f5.com pytest.skip('mnt namespace is not supported') 221673St.nateldemoura@f5.com 231673St.nateldemoura@f5.com if 'pid' not in isolation_features: 241673St.nateldemoura@f5.com pytest.skip('pid namespace is not supported') 251673St.nateldemoura@f5.com 261673St.nateldemoura@f5.com isolation = {'rootfs': temp_dir} 271673St.nateldemoura@f5.com 281673St.nateldemoura@f5.com if not is_su: 291673St.nateldemoura@f5.com isolation['namespaces'] = { 301673St.nateldemoura@f5.com 'mount': True, 311673St.nateldemoura@f5.com 'credential': True, 32*1848Szelenkov@nginx.com 'pid': True, 331673St.nateldemoura@f5.com } 341490St.nateldemoura@f5.com 351490St.nateldemoura@f5.com self.load('phpinfo', isolation=isolation) 361490St.nateldemoura@f5.com 371596Szelenkov@nginx.com assert 'success' in self.conf( 381673St.nateldemoura@f5.com '"/app/php/phpinfo"', 'applications/phpinfo/root' 391490St.nateldemoura@f5.com ) 401596Szelenkov@nginx.com assert 'success' in self.conf( 411673St.nateldemoura@f5.com '"/app/php/phpinfo"', 'applications/phpinfo/working_directory' 421490St.nateldemoura@f5.com ) 431490St.nateldemoura@f5.com 441596Szelenkov@nginx.com assert self.get()['status'] == 200, 'empty rootfs' 451490St.nateldemoura@f5.com 461673St.nateldemoura@f5.com def test_php_isolation_rootfs_extensions(self, is_su, temp_dir): 471654Szelenkov@nginx.com isolation_features = option.available['features']['isolation'].keys() 481584St.nateldemoura@f5.com 491596Szelenkov@nginx.com if not is_su: 501584St.nateldemoura@f5.com if not 'unprivileged_userns_clone' in isolation_features: 511596Szelenkov@nginx.com pytest.skip('requires unprivileged userns or root') 521584St.nateldemoura@f5.com 531673St.nateldemoura@f5.com if 'user' not in isolation_features: 541673St.nateldemoura@f5.com pytest.skip('user namespace is not supported') 551673St.nateldemoura@f5.com 561584St.nateldemoura@f5.com if 'mnt' not in isolation_features: 571673St.nateldemoura@f5.com pytest.skip('mnt namespace is not supported') 581673St.nateldemoura@f5.com 591673St.nateldemoura@f5.com if 'pid' not in isolation_features: 601673St.nateldemoura@f5.com pytest.skip('pid namespace is not supported') 611584St.nateldemoura@f5.com 621673St.nateldemoura@f5.com isolation = {'rootfs': temp_dir} 631673St.nateldemoura@f5.com 641673St.nateldemoura@f5.com if not is_su: 651673St.nateldemoura@f5.com isolation['namespaces'] = { 661673St.nateldemoura@f5.com 'mount': True, 671673St.nateldemoura@f5.com 'credential': True, 68*1848Szelenkov@nginx.com 'pid': True, 691673St.nateldemoura@f5.com } 701584St.nateldemoura@f5.com 711584St.nateldemoura@f5.com self.load('list-extensions', isolation=isolation) 721584St.nateldemoura@f5.com 731596Szelenkov@nginx.com assert 'success' in self.conf( 741673St.nateldemoura@f5.com '"/app/php/list-extensions"', 'applications/list-extensions/root' 751584St.nateldemoura@f5.com ) 761584St.nateldemoura@f5.com 771596Szelenkov@nginx.com assert 'success' in self.conf( 781596Szelenkov@nginx.com {'file': '/php/list-extensions/php.ini'}, 791596Szelenkov@nginx.com 'applications/list-extensions/options', 801584St.nateldemoura@f5.com ) 811584St.nateldemoura@f5.com 821596Szelenkov@nginx.com assert 'success' in self.conf( 831673St.nateldemoura@f5.com '"/app/php/list-extensions"', 841596Szelenkov@nginx.com 'applications/list-extensions/working_directory', 851584St.nateldemoura@f5.com ) 861584St.nateldemoura@f5.com 871584St.nateldemoura@f5.com extensions = self.getjson()['body'] 881584St.nateldemoura@f5.com 891596Szelenkov@nginx.com assert 'json' in extensions, 'json in extensions list' 901596Szelenkov@nginx.com assert 'unit' in extensions, 'unit in extensions list' 91