author | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-10-29 20:30:53 +0000 |
---|---|---|
committer | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-10-29 20:30:53 +0000 |
commit | 0390cb3a61051dd93e206d50591aff5759cf42fc (patch) | |
tree | d2105e88cbe4ef30a25243d7ccb07fae706c1003 /test/test_python_isolation.py | |
parent | 417f5d911ddb3a46b590d89e73313856a32ff435 (diff) | |
Isolation: mounting of procfs by default when using "rootfs".
Diffstat (limited to '')
-rw-r--r-- | test/test_python_isolation.py | 52 |
1 files changed, 32 insertions, 20 deletions
diff --git a/test/test_python_isolation.py b/test/test_python_isolation.py index 34abd1df..1a157528 100644 --- a/test/test_python_isolation.py +++ b/test/test_python_isolation.py @@ -29,24 +29,27 @@ class TestPythonIsolation(TestApplicationPython): def test_python_isolation_rootfs(self, is_su, temp_dir): isolation_features = option.available['features']['isolation'].keys() - if 'mnt' not in isolation_features: - pytest.skip('requires mnt ns') - if not is_su: - if 'user' not in isolation_features: - pytest.skip('requires unprivileged userns or root') - if not 'unprivileged_userns_clone' in isolation_features: pytest.skip('requires unprivileged userns or root') - isolation = { - 'namespaces': {'credential': not is_su, 'mount': True}, - 'rootfs': temp_dir, - } + if 'user' not in isolation_features: + pytest.skip('user namespace is not supported') - self.load('empty', isolation=isolation) + if 'mnt' not in isolation_features: + pytest.skip('mnt namespace is not supported') - assert self.get()['status'] == 200, 'python rootfs' + if 'pid' not in isolation_features: + pytest.skip('pid namespace is not supported') + + isolation = {'rootfs': temp_dir} + + if not is_su: + isolation['namespaces'] = { + 'mount': True, + 'credential': True, + 'pid': True + } self.load('ns_inspect', isolation=isolation) @@ -57,7 +60,7 @@ class TestPythonIsolation(TestApplicationPython): assert ( self.getjson(url='/?path=/proc/self')['body']['FileExists'] - == False + == True ), 'no /proc/self' assert ( 
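Review bot: The feature-check ladder and the `isolation['namespaces']` dict added to test_python_isolation_rootfs are repeated line for line in test_python_isolation_rootfs_no_language_deps (the hunk at -78,22), so the two copies can drift apart the next time the set of required namespaces changes. A private helper on the class that runs the checks and returns the base isolation dict would keep them in sync, with the second test adding its 'automount' key to the result. The page has lost its indentation, so the nesting in the sketch below is assumed: if the 'user'/'mnt'/'pid' checks actually sit at method level rather than under `if not is_su:`, root runs would be skipped for a missing namespace feature even though no namespaces are requested for root. Both test bodies continue outside their hunks.

```python
    def _rootfs_isolation(self, is_su, temp_dir):
        # helper name is a suggestion; nesting assumed, confirm against the file
        features = option.available['features']['isolation'].keys()
        isolation = {'rootfs': temp_dir}

        if not is_su:
            if 'unprivileged_userns_clone' not in features:
                pytest.skip('requires unprivileged userns or root')

            for ns in ('user', 'mnt', 'pid'):
                if ns not in features:
                    pytest.skip(ns + ' namespace is not supported')

            isolation['namespaces'] = {
                'mount': True,
                'credential': True,
                'pid': True,
            }

        return isolation
```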
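Review bot: The flipped `/proc/self` assertion only proves that the path exists, and its label `'no /proc/self'` is left over from the old `== False` expectation, so it now reads as the opposite of what is checked. I would change the pair to `is True` and `), '/proc/self exists'`, which also avoids the `== True` comparison. Since procfs is now mounted by default, a follow-up assertion for the non-root case (where the earlier hunk requests `'pid': True`) that the procfs view matches the new PID namespace would be worth adding, if ns_inspect can report that. For root runs that hunk requests no namespaces at all, so this test does not show which PID namespace the mounted procfs reflects there. The assertion block continues past the end of the hunk.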
@@ -78,22 +81,31 @@ class TestPythonIsolation(TestApplicationPython): def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir): isolation_features = option.available['features']['isolation'].keys() - if 'mnt' not in isolation_features: - pytest.skip('requires mnt ns') - if not is_su: - if 'user' not in isolation_features: - pytest.skip('requires unprivileged userns or root') - if not 'unprivileged_userns_clone' in isolation_features: pytest.skip('requires unprivileged userns or root') + if 'user' not in isolation_features: + pytest.skip('user namespace is not supported') + + if 'mnt' not in isolation_features: + pytest.skip('mnt namespace is not supported') + + if 'pid' not in isolation_features: + pytest.skip('pid namespace is not supported') + isolation = { - 'namespaces': {'credential': not is_su, 'mount': True}, 'rootfs': temp_dir, 'automount': {'language_deps': False} } + if not is_su: + isolation['namespaces'] = { + 'mount': True, + 'credential': True, + 'pid': True + } + self.load('empty', isolation=isolation) assert (self.get()['status'] != 200), 'disabled language_deps' |