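import pytest
from unit.applications.lang.php import TestApplicationPHP
from unit.option import option


class TestPHPIsolation(TestApplicationPHP):
    """Functional tests for PHP applications started with a 'rootfs' isolation.

    Each test loads an application with the ``rootfs`` isolation option set to
    a temporary directory, re-points the application paths at locations inside
    that root, and checks that requests are still served.
    """

    prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']}

    def _rootfs_isolation(self, is_su, temp_dir):
        """Build the isolation config shared by the rootfs tests.

        Skips the calling test when an unprivileged run lacks the namespace
        support it needs.

        Args:
            is_su: True when the test run has root privileges.
            temp_dir: Directory used as the application's new filesystem root.

        Returns:
            A dict with ``rootfs`` set to ``temp_dir``; for unprivileged runs
            it also requests the mount, credential and pid namespaces.
        """
        isolation_features = option.available['features']['isolation'].keys()
        isolation = {'rootfs': temp_dir}

        # Root runs request rootfs only, with no explicit namespaces.
        # NOTE(review): what the server does to enforce rootfs in that case is
        # not visible from this test - confirm against the isolation docs.
        if is_su:
            return isolation

        # NOTE(review): the listing lost its indentation; the namespace checks
        # are kept under the unprivileged branch because that is the only
        # branch that requests namespaces - confirm against the repository.
        if 'unprivileged_userns_clone' not in isolation_features:
            pytest.skip('requires unprivileged userns or root')

        if 'user' not in isolation_features:
            pytest.skip('user namespace is not supported')

        if 'mnt' not in isolation_features:
            pytest.skip('mnt namespace is not supported')

        if 'pid' not in isolation_features:
            pytest.skip('pid namespace is not supported')

        # An unprivileged process needs its own user (credential) namespace
        # before it can get the mount and pid namespaces used with rootfs.
        isolation['namespaces'] = {
            'mount': True,
            'credential': True,
            'pid': True,
        }

        return isolation

    def test_php_isolation_rootfs(self, is_su, temp_dir):
        """Serve phpinfo from inside a rootfs and expect HTTP 200."""
        self.load(
            'phpinfo', isolation=self._rootfs_isolation(is_su, temp_dir)
        )

        # The application paths are rewritten to absolute paths as seen from
        # inside the new root, not from the host filesystem.
        assert 'success' in self.conf(
            '"/app/php/phpinfo"', 'applications/phpinfo/root'
        )
        assert 'success' in self.conf(
            '"/app/php/phpinfo"', 'applications/phpinfo/working_directory'
        )

        # NOTE(review): this only proves the app still works with rootfs set;
        # it does not assert that paths outside temp_dir are unreachable, so a
        # regression that silently ignored rootfs could go unnoticed unless
        # the harness's path layout makes the request fail in that case.
        assert self.get()['status'] == 200, 'empty rootfs'

    def test_php_isolation_rootfs_extensions(self, is_su, temp_dir):
        """Check that PHP extensions still load when running inside a rootfs."""
        self.load(
            'list-extensions',
            isolation=self._rootfs_isolation(is_su, temp_dir),
        )

        assert 'success' in self.conf(
            '"/app/php/list-extensions"', 'applications/list-extensions/root'
        )

        # The php.ini path is also given as seen from inside the new root.
        assert 'success' in self.conf(
            {'file': '/php/list-extensions/php.ini'},
            'applications/list-extensions/options',
        )

        assert 'success' in self.conf(
            '"/app/php/list-extensions"',
            'applications/list-extensions/working_directory',
        )

        extensions = self.getjson()['body']

        assert 'json' in extensions, 'json in extensions list'
        assert 'unit' in extensions, 'unit in extensions list'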