summaryrefslogtreecommitdiffhomepage
path: root/test/test_go_isolation.py
diff options
context:
space:
mode:
Diffstat (limited to 'test/test_go_isolation.py')
-rw-r--r--test/test_go_isolation.py52
1 files changed, 49 insertions, 3 deletions
diff --git a/test/test_go_isolation.py b/test/test_go_isolation.py
index 7884274d..61d39617 100644
--- a/test/test_go_isolation.py
+++ b/test/test_go_isolation.py
@@ -1,13 +1,13 @@
-import pwd
import grp
-import json
+import pwd
import unittest
+
from unit.applications.lang.go import TestApplicationGo
from unit.feature.isolation import TestFeatureIsolation
class TestGoIsolation(TestApplicationGo):
- prerequisites = {'modules': ['go'], 'features': ['isolation']}
+ prerequisites = {'modules': {'go': 'any'}, 'features': ['isolation']}
isolation = TestFeatureIsolation()
@@ -281,6 +281,52 @@ class TestGoIsolation(TestApplicationGo):
'%s match' % ns,
)
+ def test_go_isolation_rootfs_container(self):
+ if not self.isolation_key('unprivileged_userns_clone'):
+ print('unprivileged clone is not available')
+ raise unittest.SkipTest()
+
+ if not self.isolation_key('mnt'):
+ print('mnt namespace is not supported')
+ raise unittest.SkipTest()
+
+ isolation = {
+ 'namespaces': {'mount': True, 'credential': True},
+ 'rootfs': self.testdir,
+ }
+
+ self.load('ns_inspect', isolation=isolation)
+
+ obj = self.getjson(url='/?file=/go/app')['body']
+
+ self.assertEqual(obj['FileExists'], True, 'app relative to rootfs')
+
+ obj = self.getjson(url='/?file=/bin/sh')['body']
+ self.assertEqual(obj['FileExists'], False, 'file should not exists')
+
+ def test_go_isolation_rootfs_container_priv(self):
+ if not self.is_su:
+ print("requires root")
+ raise unittest.SkipTest()
+
+ if not self.isolation_key('mnt'):
+ print('mnt namespace is not supported')
+ raise unittest.SkipTest()
+
+ isolation = {
+ 'namespaces': {'mount': True},
+ 'rootfs': self.testdir,
+ }
+
+ self.load('ns_inspect', isolation=isolation)
+
+ obj = self.getjson(url='/?file=/go/app')['body']
+
+ self.assertEqual(obj['FileExists'], True, 'app relative to rootfs')
+
+ obj = self.getjson(url='/?file=/bin/sh')['body']
+ self.assertEqual(obj['FileExists'], False, 'file should not exists')
+
if __name__ == '__main__':
TestGoIsolation.main()