summaryrefslogtreecommitdiffhomepage
path: root/test/test_python_isolation.py
diff options
context:
space:
mode:
authorTiago Natel de Moura <t.nateldemoura@f5.com>2020-10-29 20:30:53 +0000
committerTiago Natel de Moura <t.nateldemoura@f5.com>2020-10-29 20:30:53 +0000
commit0390cb3a61051dd93e206d50591aff5759cf42fc (patch)
treed2105e88cbe4ef30a25243d7ccb07fae706c1003 /test/test_python_isolation.py
parent417f5d911ddb3a46b590d89e73313856a32ff435 (diff)
downloadunit-0390cb3a61051dd93e206d50591aff5759cf42fc.tar.gz
unit-0390cb3a61051dd93e206d50591aff5759cf42fc.tar.bz2
Isolation: mounting of procfs by default when using "rootfs".
Diffstat (limited to '')
-rw-r--r--test/test_python_isolation.py52
1 files changed, 32 insertions, 20 deletions
diff --git a/test/test_python_isolation.py b/test/test_python_isolation.py
index 34abd1df..1a157528 100644
--- a/test/test_python_isolation.py
+++ b/test/test_python_isolation.py
@@ -29,24 +29,27 @@ class TestPythonIsolation(TestApplicationPython):
def test_python_isolation_rootfs(self, is_su, temp_dir):
isolation_features = option.available['features']['isolation'].keys()
- if 'mnt' not in isolation_features:
- pytest.skip('requires mnt ns')
-
if not is_su:
- if 'user' not in isolation_features:
- pytest.skip('requires unprivileged userns or root')
-
if not 'unprivileged_userns_clone' in isolation_features:
pytest.skip('requires unprivileged userns or root')
- isolation = {
- 'namespaces': {'credential': not is_su, 'mount': True},
- 'rootfs': temp_dir,
- }
+ if 'user' not in isolation_features:
+ pytest.skip('user namespace is not supported')
- self.load('empty', isolation=isolation)
+ if 'mnt' not in isolation_features:
+ pytest.skip('mnt namespace is not supported')
- assert self.get()['status'] == 200, 'python rootfs'
+ if 'pid' not in isolation_features:
+ pytest.skip('pid namespace is not supported')
+
+ isolation = {'rootfs': temp_dir}
+
+ if not is_su:
+ isolation['namespaces'] = {
+ 'mount': True,
+ 'credential': True,
+ 'pid': True
+ }
self.load('ns_inspect', isolation=isolation)
@@ -57,7 +60,7 @@ class TestPythonIsolation(TestApplicationPython):
assert (
self.getjson(url='/?path=/proc/self')['body']['FileExists']
- == False
+ == True
), 'no /proc/self'
assert (
@@ -78,22 +81,31 @@ class TestPythonIsolation(TestApplicationPython):
def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir):
isolation_features = option.available['features']['isolation'].keys()
- if 'mnt' not in isolation_features:
- pytest.skip('requires mnt ns')
-
if not is_su:
- if 'user' not in isolation_features:
- pytest.skip('requires unprivileged userns or root')
-
if not 'unprivileged_userns_clone' in isolation_features:
pytest.skip('requires unprivileged userns or root')
+ if 'user' not in isolation_features:
+ pytest.skip('user namespace is not supported')
+
+ if 'mnt' not in isolation_features:
+ pytest.skip('mnt namespace is not supported')
+
+ if 'pid' not in isolation_features:
+ pytest.skip('pid namespace is not supported')
+
isolation = {
- 'namespaces': {'credential': not is_su, 'mount': True},
'rootfs': temp_dir,
'automount': {'language_deps': False}
}
+ if not is_su:
+ isolation['namespaces'] = {
+ 'mount': True,
+ 'credential': True,
+ 'pid': True
+ }
+
self.load('empty', isolation=isolation)
assert (self.get()['status'] != 200), 'disabled language_deps'