diff options
| author | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-11-16 17:22:10 +0000 |
|---|---|---|
| committer | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-11-16 17:22:10 +0000 |
| commit | bbc29df8fe4400e881829741c969f2fb77487423 (patch) | |
| tree | 713195a9db5ebf4228e03eb5a344f62af35fb94d | |
| parent | 567f0a7b3049f4532524ac35cb232cbeedb868bf (diff) | |
| download | unit-bbc29df8fe4400e881829741c969f2fb77487423.tar.gz unit-bbc29df8fe4400e881829741c969f2fb77487423.tar.bz2 | |
Tests: tmpfs automount.
| -rw-r--r-- | test/go/ns_inspect/app.go | 7 | ||||
| -rw-r--r-- | test/test_go_isolation.py | 25 |
2 files changed, 29 insertions, 3 deletions
diff --git a/test/go/ns_inspect/app.go b/test/go/ns_inspect/app.go index 4d19a796..570580e6 100644 --- a/test/go/ns_inspect/app.go +++ b/test/go/ns_inspect/app.go @@ -7,6 +7,7 @@ import ( "unit.nginx.org/go" "os" "strconv" + "io/ioutil" ) type ( @@ -26,6 +27,7 @@ type ( GID int NS NS FileExists bool + Mounts string } ) @@ -77,6 +79,11 @@ func handler(w http.ResponseWriter, r *http.Request) { out.FileExists = err == nil } + if mounts := r.Form.Get("mounts"); mounts != "" { + data, _ := ioutil.ReadFile("/proc/self/mountinfo") + out.Mounts = string(data) + } + data, err := json.Marshal(out) if err != nil { w.WriteHeader(http.StatusInternalServerError) diff --git a/test/test_go_isolation.py b/test/test_go_isolation.py index e3a0a210..8c4a6b9c 100644 --- a/test/test_go_isolation.py +++ b/test/test_go_isolation.py @@ -332,7 +332,12 @@ class TestGoIsolation(TestApplicationGo): obj = self.getjson(url='/?file=/bin/sh')['body'] assert obj['FileExists'] == False, 'file should not exists' - def test_go_isolation_rootfs_default_tmpfs(self, is_su, temp_dir): + def test_go_isolation_rootfs_automount_tmpfs(self, is_su, temp_dir): + try: + open("/proc/self/mountinfo") + except: + pytest.skip('The system lacks /proc/self/mountinfo file') + if not is_su: if not self.isolation_key('unprivileged_userns_clone'): pytest.skip('unprivileged clone is not available') @@ -357,6 +362,20 @@ class TestGoIsolation(TestApplicationGo): self.load('ns_inspect', isolation=isolation) - obj = self.getjson(url='/?file=/tmp')['body'] + obj = self.getjson(url='/?mounts=true')['body'] + + assert ( + "/ /tmp" in obj['Mounts'] and "tmpfs" in obj['Mounts'] + ), 'app has /tmp mounted on /' + + isolation['automount'] = { + 'tmpfs': False + } + + self.load('ns_inspect', isolation=isolation) + + obj = self.getjson(url='/?mounts=true')['body'] - assert obj['FileExists'] == True, 'app has /tmp' + assert ( + "/ /tmp" not in obj['Mounts'] and "tmpfs" not in obj['Mounts'] + ), 'app has no /tmp mounted' |