diff options
author | Andrei Belov <defan@nginx.com> | 2020-11-19 21:19:57 +0300 |
---|---|---|
committer | Andrei Belov <defan@nginx.com> | 2020-11-19 21:19:57 +0300 |
commit | 7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c (patch) | |
tree | c79dc48a3260156f3f824ecd299e5a4934d749c5 /test/test_php_isolation.py | |
parent | 646d047e5d12515ceac02279b373601ce0752982 (diff) | |
parent | 806a9b2515c60b12a68cd97af04f7fa5cb4dffed (diff) | |
download | unit-7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c.tar.gz unit-7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c.tar.bz2 |
Merged with the default branch.1.21.0-1
Diffstat (limited to 'test/test_php_isolation.py')
-rw-r--r-- | test/test_php_isolation.py | 82 |
1 files changed, 52 insertions, 30 deletions
diff --git a/test/test_php_isolation.py b/test/test_php_isolation.py index 8ab3419a..cc660e04 100644 --- a/test/test_php_isolation.py +++ b/test/test_php_isolation.py @@ -1,6 +1,10 @@ +import shutil + import pytest from conftest import option +from conftest import unit_run +from conftest import unit_stop from unit.applications.lang.php import TestApplicationPHP from unit.feature.isolation import TestFeatureIsolation @@ -8,67 +12,85 @@ from unit.feature.isolation import TestFeatureIsolation class TestPHPIsolation(TestApplicationPHP): prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']} - isolation = TestFeatureIsolation() - @classmethod def setup_class(cls, complete_check=True): - unit = super().setup_class(complete_check=False) + check = super().setup_class(complete_check=False) - TestFeatureIsolation().check(cls.available, unit.temp_dir) + unit = unit_run() + option.temp_dir = unit['temp_dir'] - return unit if not complete_check else unit.complete() + TestFeatureIsolation().check(option.available, unit['temp_dir']) - def test_php_isolation_rootfs(self, is_su): - isolation_features = self.available['features']['isolation'].keys() + assert unit_stop() is None + shutil.rmtree(unit['temp_dir']) - if 'mnt' not in isolation_features: - pytest.skip('requires mnt ns') + return check if not complete_check else check() - if not is_su: - if 'user' not in isolation_features: - pytest.skip('requires unprivileged userns or root') + def test_php_isolation_rootfs(self, is_su, temp_dir): + isolation_features = option.available['features']['isolation'].keys() + if not is_su: if not 'unprivileged_userns_clone' in isolation_features: pytest.skip('requires unprivileged userns or root') - isolation = { - 'namespaces': {'credential': not is_su, 'mount': True}, - 'rootfs': option.test_dir, - } + if 'user' not in isolation_features: + pytest.skip('user namespace is not supported') + + if 'mnt' not in isolation_features: + pytest.skip('mnt namespace is not supported') + + if 'pid' not in isolation_features: + pytest.skip('pid namespace is not supported') + + isolation = {'rootfs': temp_dir} + + if not is_su: + isolation['namespaces'] = { + 'mount': True, + 'credential': True, + 'pid': True + } self.load('phpinfo', isolation=isolation) assert 'success' in self.conf( - '"/php/phpinfo"', 'applications/phpinfo/root' + '"/app/php/phpinfo"', 'applications/phpinfo/root' ) assert 'success' in self.conf( - '"/php/phpinfo"', 'applications/phpinfo/working_directory' + '"/app/php/phpinfo"', 'applications/phpinfo/working_directory' ) assert self.get()['status'] == 200, 'empty rootfs' - def test_php_isolation_rootfs_extensions(self, is_su): - isolation_features = self.available['features']['isolation'].keys() + def test_php_isolation_rootfs_extensions(self, is_su, temp_dir): + isolation_features = option.available['features']['isolation'].keys() if not is_su: - if 'user' not in isolation_features: - pytest.skip('requires unprivileged userns or root') - if not 'unprivileged_userns_clone' in isolation_features: pytest.skip('requires unprivileged userns or root') + if 'user' not in isolation_features: + pytest.skip('user namespace is not supported') + if 'mnt' not in isolation_features: - pytest.skip('requires mnt ns') + pytest.skip('mnt namespace is not supported') + + if 'pid' not in isolation_features: + pytest.skip('pid namespace is not supported') - isolation = { - 'rootfs': option.test_dir, - 'namespaces': {'credential': not is_su, 'mount': not is_su}, - } + isolation = {'rootfs': temp_dir} + + if not is_su: + isolation['namespaces'] = { + 'mount': True, + 'credential': True, + 'pid': True + } self.load('list-extensions', isolation=isolation) assert 'success' in self.conf( - '"/php/list-extensions"', 'applications/list-extensions/root' + '"/app/php/list-extensions"', 'applications/list-extensions/root' ) assert 'success' in self.conf( @@ -77,7 +99,7 @@ class TestPHPIsolation(TestApplicationPHP): ) assert 'success' in self.conf( - '"/php/list-extensions"', + '"/app/php/list-extensions"', 'applications/list-extensions/working_directory', ) |