diff options
Diffstat (limited to 'test/test_python_isolation.py')
-rw-r--r-- | test/test_python_isolation.py | 103 |
1 files changed, 60 insertions, 43 deletions
diff --git a/test/test_python_isolation.py b/test/test_python_isolation.py index 1bed64ba..ac678103 100644 --- a/test/test_python_isolation.py +++ b/test/test_python_isolation.py @@ -1,4 +1,4 @@ -import unittest +import pytest from unit.applications.lang.python import TestApplicationPython from unit.feature.isolation import TestFeatureIsolation @@ -10,70 +10,87 @@ class TestPythonIsolation(TestApplicationPython): isolation = TestFeatureIsolation() @classmethod - def setUpClass(cls, complete_check=True): - unit = super().setUpClass(complete_check=False) + def setup_class(cls, complete_check=True): + unit = super().setup_class(complete_check=False) - TestFeatureIsolation().check(cls.available, unit.testdir) + TestFeatureIsolation().check(cls.available, unit.temp_dir) return unit if not complete_check else unit.complete() - def test_python_isolation_rootfs(self): + def test_python_isolation_rootfs(self, is_su): isolation_features = self.available['features']['isolation'].keys() if 'mnt' not in isolation_features: - print('requires mnt ns') - raise unittest.SkipTest() + pytest.skip('requires mnt ns') - if not self.is_su: + if not is_su: if 'user' not in isolation_features: - print('requires unprivileged userns or root') - raise unittest.SkipTest() + pytest.skip('requires unprivileged userns or root') if not 'unprivileged_userns_clone' in isolation_features: - print('requires unprivileged userns or root') - raise unittest.SkipTest() + pytest.skip('requires unprivileged userns or root') isolation = { - 'namespaces': {'credential': not self.is_su, 'mount': True}, - 'rootfs': self.testdir, + 'namespaces': {'credential': not is_su, 'mount': True}, + 'rootfs': self.temp_dir, } self.load('empty', isolation=isolation) - self.assertEqual(self.get()['status'], 200, 'python rootfs') + assert self.get()['status'] == 200, 'python rootfs' self.load('ns_inspect', isolation=isolation) - self.assertEqual( - self.getjson(url='/?path=' + self.testdir)['body']['FileExists'], - False, - 'testdir does not exists in rootfs', - ) - - self.assertEqual( - self.getjson(url='/?path=/proc/self')['body']['FileExists'], - False, - 'no /proc/self', - ) - - self.assertEqual( - self.getjson(url='/?path=/dev/pts')['body']['FileExists'], - False, - 'no /dev/pts', - ) - - self.assertEqual( - self.getjson(url='/?path=/sys/kernel')['body']['FileExists'], - False, - 'no /sys/kernel', - ) + assert ( + self.getjson(url='/?path=' + self.temp_dir)['body']['FileExists'] + == False + ), 'temp_dir does not exists in rootfs' + + assert ( + self.getjson(url='/?path=/proc/self')['body']['FileExists'] + == False + ), 'no /proc/self' + + assert ( + self.getjson(url='/?path=/dev/pts')['body']['FileExists'] == False + ), 'no /dev/pts' + + assert ( + self.getjson(url='/?path=/sys/kernel')['body']['FileExists'] + == False + ), 'no /sys/kernel' ret = self.getjson(url='/?path=/app/python/ns_inspect') - self.assertEqual( - ret['body']['FileExists'], True, 'application exists in rootfs', - ) + assert ( + ret['body']['FileExists'] == True + ), 'application exists in rootfs' + + def test_python_isolation_rootfs_no_language_deps(self, is_su): + isolation_features = self.available['features']['isolation'].keys() + + if 'mnt' not in isolation_features: + pytest.skip('requires mnt ns') + if not is_su: + if 'user' not in isolation_features: + pytest.skip('requires unprivileged userns or root') + + if not 'unprivileged_userns_clone' in isolation_features: + pytest.skip('requires unprivileged userns or root') + + isolation = { + 'namespaces': {'credential': not is_su, 'mount': True}, + 'rootfs': self.temp_dir, + 'automount': {'language_deps': False} + } + + self.load('empty', isolation=isolation) + + assert (self.get()['status'] != 200), 'disabled language_deps' + + isolation['automount']['language_deps'] = True + + self.load('empty', isolation=isolation) -if __name__ == '__main__': - TestPythonIsolation.main() + assert (self.get()['status'] == 200), 'enabled language_deps' |