xref: /unit/test/test_php_isolation.py (revision 1848:4bd548074e2c) 
1import pytest
2
3from unit.applications.lang.php import TestApplicationPHP
4from unit.option import option
5
6
7class TestPHPIsolation(TestApplicationPHP):
8    prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']}
9
10    def test_php_isolation_rootfs(self, is_su, temp_dir):
11        isolation_features = option.available['features']['isolation'].keys()
12
13        if not is_su:
14            if not 'unprivileged_userns_clone' in isolation_features:
15                pytest.skip('requires unprivileged userns or root')
16
17            if 'user' not in isolation_features:
18                pytest.skip('user namespace is not supported')
19
20            if 'mnt' not in isolation_features:
21                pytest.skip('mnt namespace is not supported')
22
23            if 'pid' not in isolation_features:
24                pytest.skip('pid namespace is not supported')
25
26        isolation = {'rootfs': temp_dir}
27
28        if not is_su:
29            isolation['namespaces'] = {
30                'mount': True,
31                'credential': True,
32                'pid': True,
33            }
34
35        self.load('phpinfo', isolation=isolation)
36
37        assert 'success' in self.conf(
38            '"/app/php/phpinfo"', 'applications/phpinfo/root'
39        )
40        assert 'success' in self.conf(
41            '"/app/php/phpinfo"', 'applications/phpinfo/working_directory'
42        )
43
44        assert self.get()['status'] == 200, 'empty rootfs'
45
46    def test_php_isolation_rootfs_extensions(self, is_su, temp_dir):
47        isolation_features = option.available['features']['isolation'].keys()
48
49        if not is_su:
50            if not 'unprivileged_userns_clone' in isolation_features:
51                pytest.skip('requires unprivileged userns or root')
52
53            if 'user' not in isolation_features:
54                pytest.skip('user namespace is not supported')
55
56            if 'mnt' not in isolation_features:
57                pytest.skip('mnt namespace is not supported')
58
59            if 'pid' not in isolation_features:
60                pytest.skip('pid namespace is not supported')
61
62        isolation = {'rootfs': temp_dir}
63
64        if not is_su:
65            isolation['namespaces'] = {
66                'mount': True,
67                'credential': True,
68                'pid': True,
69            }
70
71        self.load('list-extensions', isolation=isolation)
72
73        assert 'success' in self.conf(
74            '"/app/php/list-extensions"', 'applications/list-extensions/root'
75        )
76
77        assert 'success' in self.conf(
78            {'file': '/php/list-extensions/php.ini'},
79            'applications/list-extensions/options',
80        )
81
82        assert 'success' in self.conf(
83            '"/app/php/list-extensions"',
84            'applications/list-extensions/working_directory',
85        )
86
87        extensions = self.getjson()['body']
88
89        assert 'json' in extensions, 'json in extensions list'
90        assert 'unit' in extensions, 'unit in extensions list'
91