From 54837759f36eddb80af22c8d73e103a948221dc7 Mon Sep 17 00:00:00 2001 From: Andrei Zeliankou Date: Mon, 19 Oct 2020 22:25:29 +0100 Subject: Tests: fixed unit.log print. --- test/test_python_isolation.py | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) (limited to 'test/test_python_isolation.py') diff --git a/test/test_python_isolation.py b/test/test_python_isolation.py index ac678103..34abd1df 100644 --- a/test/test_python_isolation.py +++ b/test/test_python_isolation.py @@ -1,5 +1,10 @@ +import shutil + import pytest +from conftest import option +from conftest import unit_run +from conftest import unit_stop from unit.applications.lang.python import TestApplicationPython from unit.feature.isolation import TestFeatureIsolation @@ -7,18 +12,22 @@ from unit.feature.isolation import TestFeatureIsolation class TestPythonIsolation(TestApplicationPython): prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']} - isolation = TestFeatureIsolation() - @classmethod def setup_class(cls, complete_check=True): - unit = super().setup_class(complete_check=False) + check = super().setup_class(complete_check=False) + + unit = unit_run() + option.temp_dir = unit['temp_dir'] + + TestFeatureIsolation().check(option.available, unit['temp_dir']) - TestFeatureIsolation().check(cls.available, unit.temp_dir) + assert unit_stop() is None + shutil.rmtree(unit['temp_dir']) - return unit if not complete_check else unit.complete() + return check if not complete_check else check() - def test_python_isolation_rootfs(self, is_su): - isolation_features = self.available['features']['isolation'].keys() + def test_python_isolation_rootfs(self, is_su, temp_dir): + isolation_features = option.available['features']['isolation'].keys() if 'mnt' not in isolation_features: pytest.skip('requires mnt ns') @@ -32,7 +41,7 @@ class TestPythonIsolation(TestApplicationPython): isolation = { 'namespaces': {'credential': not is_su, 'mount': True}, - 'rootfs': self.temp_dir, + 'rootfs': temp_dir, } self.load('empty', isolation=isolation) @@ -42,7 +51,7 @@ class TestPythonIsolation(TestApplicationPython): self.load('ns_inspect', isolation=isolation) assert ( - self.getjson(url='/?path=' + self.temp_dir)['body']['FileExists'] + self.getjson(url='/?path=' + temp_dir)['body']['FileExists'] == False ), 'temp_dir does not exists in rootfs' @@ -66,8 +75,8 @@ class TestPythonIsolation(TestApplicationPython): ret['body']['FileExists'] == True ), 'application exists in rootfs' - def test_python_isolation_rootfs_no_language_deps(self, is_su): - isolation_features = self.available['features']['isolation'].keys() + def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir): + isolation_features = option.available['features']['isolation'].keys() if 'mnt' not in isolation_features: pytest.skip('requires mnt ns') @@ -81,7 +90,7 @@ class TestPythonIsolation(TestApplicationPython): isolation = { 'namespaces': {'credential': not is_su, 'mount': True}, - 'rootfs': self.temp_dir, + 'rootfs': temp_dir, 'automount': {'language_deps': False} } -- cgit From 0390cb3a61051dd93e206d50591aff5759cf42fc Mon Sep 17 00:00:00 2001 From: Tiago Natel de Moura Date: Thu, 29 Oct 2020 20:30:53 +0000 Subject: Isolation: mounting of procfs by default when using "rootfs". --- test/test_python_isolation.py | 52 ++++++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 20 deletions(-) (limited to 'test/test_python_isolation.py') diff --git a/test/test_python_isolation.py b/test/test_python_isolation.py index 34abd1df..1a157528 100644 --- a/test/test_python_isolation.py +++ b/test/test_python_isolation.py @@ -29,24 +29,27 @@ class TestPythonIsolation(TestApplicationPython): def test_python_isolation_rootfs(self, is_su, temp_dir): isolation_features = option.available['features']['isolation'].keys() - if 'mnt' not in isolation_features: - pytest.skip('requires mnt ns') - if not is_su: - if 'user' not in isolation_features: - pytest.skip('requires unprivileged userns or root') - if not 'unprivileged_userns_clone' in isolation_features: pytest.skip('requires unprivileged userns or root') - isolation = { - 'namespaces': {'credential': not is_su, 'mount': True}, - 'rootfs': temp_dir, - } + if 'user' not in isolation_features: + pytest.skip('user namespace is not supported') - self.load('empty', isolation=isolation) + if 'mnt' not in isolation_features: + pytest.skip('mnt namespace is not supported') - assert self.get()['status'] == 200, 'python rootfs' + if 'pid' not in isolation_features: + pytest.skip('pid namespace is not supported') + + isolation = {'rootfs': temp_dir} + + if not is_su: + isolation['namespaces'] = { + 'mount': True, + 'credential': True, + 'pid': True + } self.load('ns_inspect', isolation=isolation) @@ -57,7 +60,7 @@ class TestPythonIsolation(TestApplicationPython): assert ( self.getjson(url='/?path=/proc/self')['body']['FileExists'] - == False + == True ), 'no /proc/self' assert ( @@ -78,22 +81,31 @@ class TestPythonIsolation(TestApplicationPython): def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir): isolation_features = option.available['features']['isolation'].keys() - if 'mnt' not in isolation_features: - pytest.skip('requires mnt ns') - if not is_su: - if 'user' not in isolation_features: - pytest.skip('requires unprivileged userns or root') - if not 'unprivileged_userns_clone' in isolation_features: pytest.skip('requires unprivileged userns or root') + if 'user' not in isolation_features: + pytest.skip('user namespace is not supported') + + if 'mnt' not in isolation_features: + pytest.skip('mnt namespace is not supported') + + if 'pid' not in isolation_features: + pytest.skip('pid namespace is not supported') + isolation = { - 'namespaces': {'credential': not is_su, 'mount': True}, 'rootfs': temp_dir, 'automount': {'language_deps': False} } + if not is_su: + isolation['namespaces'] = { + 'mount': True, + 'credential': True, + 'pid': True + } + self.load('empty', isolation=isolation) assert (self.get()['status'] != 200), 'disabled language_deps' -- cgit