diff options
author | Konstantin Pavlov <thresh@nginx.com> | 2023-08-31 09:41:46 -0700 |
---|---|---|
committer | Konstantin Pavlov <thresh@nginx.com> | 2023-08-31 09:41:46 -0700 |
commit | c45c8919c7232eb20023484f6d1fc9f1f50395d8 (patch) | |
tree | cc12eb307c1611494948645e4b487fa06495c3d2 /test/test_php_isolation.py | |
parent | 88c90e1c351ab8c5bd487a5cd4b735014b08e271 (diff) | |
parent | 9b22b6957bc87b3df002d0bc691fdae6a20abdac (diff) | |
download | unit-c45c8919c7232eb20023484f6d1fc9f1f50395d8.tar.gz unit-c45c8919c7232eb20023484f6d1fc9f1f50395d8.tar.bz2 |
Merged with the default branch.1.31.0-1
Diffstat (limited to 'test/test_php_isolation.py')
-rw-r--r-- | test/test_php_isolation.py | 144 |
1 files changed, 70 insertions, 74 deletions
diff --git a/test/test_php_isolation.py b/test/test_php_isolation.py index aebeefa6..f248da41 100644 --- a/test/test_php_isolation.py +++ b/test/test_php_isolation.py @@ -1,89 +1,85 @@ -import pytest -from unit.applications.lang.php import TestApplicationPHP -from unit.option import option +from unit.applications.lang.php import ApplicationPHP +prerequisites = {'modules': {'php': 'any'}, 'features': {'isolation': True}} -class TestPHPIsolation(TestApplicationPHP): - prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']} +client = ApplicationPHP() - def test_php_isolation_rootfs(self, is_su, temp_dir): - isolation_features = option.available['features']['isolation'].keys() - if not is_su: - if not 'unprivileged_userns_clone' in isolation_features: - pytest.skip('requires unprivileged userns or root') +def test_php_isolation_rootfs(is_su, require, temp_dir): + isolation = {'rootfs': temp_dir} - if 'user' not in isolation_features: - pytest.skip('user namespace is not supported') - - if 'mnt' not in isolation_features: - pytest.skip('mnt namespace is not supported') - - if 'pid' not in isolation_features: - pytest.skip('pid namespace is not supported') - - isolation = {'rootfs': temp_dir} - - if not is_su: - isolation['namespaces'] = { - 'mount': True, - 'credential': True, - 'pid': True, + if not is_su: + require( + { + 'features': { + 'isolation': [ + 'unprivileged_userns_clone', + 'user', + 'mnt', + 'pid', + ] + } } - - self.load('phpinfo', isolation=isolation) - - assert 'success' in self.conf( - '"/app/php/phpinfo"', 'applications/phpinfo/root' - ) - assert 'success' in self.conf( - '"/app/php/phpinfo"', 'applications/phpinfo/working_directory' ) - assert self.get()['status'] == 200, 'empty rootfs' - - def test_php_isolation_rootfs_extensions(self, is_su, temp_dir): - isolation_features = option.available['features']['isolation'].keys() - - if not is_su: - if not 'unprivileged_userns_clone' in isolation_features: - pytest.skip('requires unprivileged userns or root') - - if 'user' not in isolation_features: - pytest.skip('user namespace is not supported') - - if 'mnt' not in isolation_features: - pytest.skip('mnt namespace is not supported') - - if 'pid' not in isolation_features: - pytest.skip('pid namespace is not supported') - - isolation = {'rootfs': temp_dir} - - if not is_su: - isolation['namespaces'] = { - 'mount': True, - 'credential': True, - 'pid': True, + isolation['namespaces'] = { + 'mount': True, + 'credential': True, + 'pid': True, + } + + client.load('phpinfo', isolation=isolation) + + assert 'success' in client.conf( + '"/app/php/phpinfo"', 'applications/phpinfo/root' + ) + assert 'success' in client.conf( + '"/app/php/phpinfo"', 'applications/phpinfo/working_directory' + ) + + assert client.get()['status'] == 200, 'empty rootfs' + + +def test_php_isolation_rootfs_extensions(is_su, require, temp_dir): + isolation = {'rootfs': temp_dir} + + if not is_su: + require( + { + 'features': { + 'isolation': [ + 'unprivileged_userns_clone', + 'user', + 'mnt', + 'pid', + ] + } } + ) - self.load('list-extensions', isolation=isolation) + isolation['namespaces'] = { + 'mount': True, + 'credential': True, + 'pid': True, + } - assert 'success' in self.conf( - '"/app/php/list-extensions"', 'applications/list-extensions/root' - ) + client.load('list-extensions', isolation=isolation) - assert 'success' in self.conf( - {'file': '/php/list-extensions/php.ini'}, - 'applications/list-extensions/options', - ) + assert 'success' in client.conf( + '"/app/php/list-extensions"', 'applications/list-extensions/root' + ) - assert 'success' in self.conf( - '"/app/php/list-extensions"', - 'applications/list-extensions/working_directory', - ) + assert 'success' in client.conf( + {'file': '/php/list-extensions/php.ini'}, + 'applications/list-extensions/options', + ) + + assert 'success' in client.conf( + '"/app/php/list-extensions"', + 'applications/list-extensions/working_directory', + ) - extensions = self.getjson()['body'] + extensions = client.getjson()['body'] - assert 'json' in extensions, 'json in extensions list' - assert 'unit' in extensions, 'unit in extensions list' + assert 'json' in extensions, 'json in extensions list' + assert 'unit' in extensions, 'unit in extensions list' |