summaryrefslogtreecommitdiffhomepage
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/go/ns_inspect/app.go7
-rw-r--r--test/test_go_isolation.py25
2 files changed, 29 insertions, 3 deletions
diff --git a/test/go/ns_inspect/app.go b/test/go/ns_inspect/app.go
index 4d19a796..570580e6 100644
--- a/test/go/ns_inspect/app.go
+++ b/test/go/ns_inspect/app.go
@@ -7,6 +7,7 @@ import (
"unit.nginx.org/go"
"os"
"strconv"
+ "io/ioutil"
)
type (
@@ -26,6 +27,7 @@ type (
GID int
NS NS
FileExists bool
+ Mounts string
}
)
@@ -77,6 +79,11 @@ func handler(w http.ResponseWriter, r *http.Request) {
out.FileExists = err == nil
}
+ if mounts := r.Form.Get("mounts"); mounts != "" {
+ data, _ := ioutil.ReadFile("/proc/self/mountinfo")
+ out.Mounts = string(data)
+ }
+
data, err := json.Marshal(out)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
diff --git a/test/test_go_isolation.py b/test/test_go_isolation.py
index e3a0a210..8c4a6b9c 100644
--- a/test/test_go_isolation.py
+++ b/test/test_go_isolation.py
@@ -332,7 +332,12 @@ class TestGoIsolation(TestApplicationGo):
obj = self.getjson(url='/?file=/bin/sh')['body']
assert obj['FileExists'] == False, 'file should not exists'
- def test_go_isolation_rootfs_default_tmpfs(self, is_su, temp_dir):
+ def test_go_isolation_rootfs_automount_tmpfs(self, is_su, temp_dir):
+ try:
+ open("/proc/self/mountinfo")
+ except:
+ pytest.skip('The system lacks /proc/self/mountinfo file')
+
if not is_su:
if not self.isolation_key('unprivileged_userns_clone'):
pytest.skip('unprivileged clone is not available')
@@ -357,6 +362,20 @@ class TestGoIsolation(TestApplicationGo):
self.load('ns_inspect', isolation=isolation)
- obj = self.getjson(url='/?file=/tmp')['body']
+ obj = self.getjson(url='/?mounts=true')['body']
+
+ assert (
+ "/ /tmp" in obj['Mounts'] and "tmpfs" in obj['Mounts']
+ ), 'app has /tmp mounted on /'
+
+ isolation['automount'] = {
+ 'tmpfs': False
+ }
+
+ self.load('ns_inspect', isolation=isolation)
+
+ obj = self.getjson(url='/?mounts=true')['body']
- assert obj['FileExists'] == True, 'app has /tmp'
+ assert (
+ "/ /tmp" not in obj['Mounts'] and "tmpfs" not in obj['Mounts']
+ ), 'app has no /tmp mounted'