diff options
author | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-05-28 14:59:52 +0100 |
---|---|---|
committer | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-05-28 14:59:52 +0100 |
commit | 08b765ae4289f399bb3642d327ccf402efca3537 (patch) | |
tree | 972afb5db99730305f22c71a05bd319a9ad526a7 /test/test_go_isolation.py | |
parent | e2b53e16c60ba1e3bbbe59172c184e97f889326b (diff) | |
download | unit-08b765ae4289f399bb3642d327ccf402efca3537.tar.gz unit-08b765ae4289f399bb3642d327ccf402efca3537.tar.bz2 |
Tests: Added rootfs tests.
Diffstat (limited to '')
-rw-r--r-- | test/test_go_isolation.py | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/test/test_go_isolation.py b/test/test_go_isolation.py index e6aade9b..61d39617 100644 --- a/test/test_go_isolation.py +++ b/test/test_go_isolation.py @@ -281,6 +281,52 @@ class TestGoIsolation(TestApplicationGo): '%s match' % ns, ) + def test_go_isolation_rootfs_container(self): + if not self.isolation_key('unprivileged_userns_clone'): + print('unprivileged clone is not available') + raise unittest.SkipTest() + + if not self.isolation_key('mnt'): + print('mnt namespace is not supported') + raise unittest.SkipTest() + + isolation = { + 'namespaces': {'mount': True, 'credential': True}, + 'rootfs': self.testdir, + } + + self.load('ns_inspect', isolation=isolation) + + obj = self.getjson(url='/?file=/go/app')['body'] + + self.assertEqual(obj['FileExists'], True, 'app relative to rootfs') + + obj = self.getjson(url='/?file=/bin/sh')['body'] + self.assertEqual(obj['FileExists'], False, 'file should not exists') + + def test_go_isolation_rootfs_container_priv(self): + if not self.is_su: + print("requires root") + raise unittest.SkipTest() + + if not self.isolation_key('mnt'): + print('mnt namespace is not supported') + raise unittest.SkipTest() + + isolation = { + 'namespaces': {'mount': True}, + 'rootfs': self.testdir, + } + + self.load('ns_inspect', isolation=isolation) + + obj = self.getjson(url='/?file=/go/app')['body'] + + self.assertEqual(obj['FileExists'], True, 'app relative to rootfs') + + obj = self.getjson(url='/?file=/bin/sh')['body'] + self.assertEqual(obj['FileExists'], False, 'file should not exists') + if __name__ == '__main__': TestGoIsolation.main() |