xref: /unit/test/test_php_isolation.py (revision 1971:3410f9d2a662) 
1import pytest
2from unit.applications.lang.php import TestApplicationPHP
3from unit.option import option
4
5
6class TestPHPIsolation(TestApplicationPHP):
7    prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']}
8
9    def test_php_isolation_rootfs(self, is_su, temp_dir):
10        isolation_features = option.available['features']['isolation'].keys()
11
12        if not is_su:
13            if not 'unprivileged_userns_clone' in isolation_features:
14                pytest.skip('requires unprivileged userns or root')
15
16            if 'user' not in isolation_features:
17                pytest.skip('user namespace is not supported')
18
19            if 'mnt' not in isolation_features:
20                pytest.skip('mnt namespace is not supported')
21
22            if 'pid' not in isolation_features:
23                pytest.skip('pid namespace is not supported')
24
25        isolation = {'rootfs': temp_dir}
26
27        if not is_su:
28            isolation['namespaces'] = {
29                'mount': True,
30                'credential': True,
31                'pid': True,
32            }
33
34        self.load('phpinfo', isolation=isolation)
35
36        assert 'success' in self.conf(
37            '"/app/php/phpinfo"', 'applications/phpinfo/root'
38        )
39        assert 'success' in self.conf(
40            '"/app/php/phpinfo"', 'applications/phpinfo/working_directory'
41        )
42
43        assert self.get()['status'] == 200, 'empty rootfs'
44
45    def test_php_isolation_rootfs_extensions(self, is_su, temp_dir):
46        isolation_features = option.available['features']['isolation'].keys()
47
48        if not is_su:
49            if not 'unprivileged_userns_clone' in isolation_features:
50                pytest.skip('requires unprivileged userns or root')
51
52            if 'user' not in isolation_features:
53                pytest.skip('user namespace is not supported')
54
55            if 'mnt' not in isolation_features:
56                pytest.skip('mnt namespace is not supported')
57
58            if 'pid' not in isolation_features:
59                pytest.skip('pid namespace is not supported')
60
61        isolation = {'rootfs': temp_dir}
62
63        if not is_su:
64            isolation['namespaces'] = {
65                'mount': True,
66                'credential': True,
67                'pid': True,
68            }
69
70        self.load('list-extensions', isolation=isolation)
71
72        assert 'success' in self.conf(
73            '"/app/php/list-extensions"', 'applications/list-extensions/root'
74        )
75
76        assert 'success' in self.conf(
77            {'file': '/php/list-extensions/php.ini'},
78            'applications/list-extensions/options',
79        )
80
81        assert 'success' in self.conf(
82            '"/app/php/list-extensions"',
83            'applications/list-extensions/working_directory',
84        )
85
86        extensions = self.getjson()['body']
87
88        assert 'json' in extensions, 'json in extensions list'
89        assert 'unit' in extensions, 'unit in extensions list'
90