technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
07a0c9a34817d6faedff67505507cd4f54752a22
nginx-unit/test/unit/check/isolation.py
Andrei Zeliankou 5a8337933d Tests: pathlib used where appropriate 
Also fixed various pylint errors and style issues.
2024-01-15 15:48:58 +00:00

161 lines
5.1 KiB
Python
Raw Blame History

import json
from pathlib import Path
from unit.applications.lang.go import ApplicationGo
from unit.applications.lang.java import ApplicationJava
from unit.applications.lang.node import ApplicationNode
from unit.applications.lang.ruby import ApplicationRuby
from unit.http import HTTP1
from unit.option import option
from unit.utils import getns
allns = ['pid', 'mnt', 'ipc', 'uts', 'cgroup', 'net']
http = HTTP1()
def check_isolation():
available = option.available
conf = ''
if 'go' in available['modules']:
ApplicationGo().prepare_env('empty', 'app')
conf = {
"listeners": {"*:8080": {"pass": "applications/empty"}},
"applications": {
"empty": {
"type": "external",
"processes": {"spare": 0},
"working_directory": f"{option.test_dir}/go/empty",
"executable": f"{option.test_dir}/go/app",
"isolation": {"namespaces": {"credential": True}},
},
},
}
elif 'python' in available['modules']:
conf = {
"listeners": {"*:8080": {"pass": "applications/empty"}},
"applications": {
"empty": {
"type": "python",
"processes": {"spare": 0},
"path": f"{option.test_dir}/python/empty",
"working_directory": f"{option.test_dir}/python/empty",
"module": "wsgi",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'php' in available['modules']:
conf = {
"listeners": {"*:8080": {"pass": "applications/phpinfo"}},
"applications": {
"phpinfo": {
"type": "php",
"processes": {"spare": 0},
"root": f"{option.test_dir}/php/phpinfo",
"working_directory": f"{option.test_dir}/php/phpinfo",
"index": "index.php",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'ruby' in available['modules']:
ApplicationRuby().prepare_env('empty')
conf = {
"listeners": {"*:8080": {"pass": "applications/empty"}},
"applications": {
"empty": {
"type": "ruby",
"processes": {"spare": 0},
"working_directory": f"{option.temp_dir}/ruby/empty",
"script": f"{option.temp_dir}/ruby/empty/config.ru",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'java' in available['modules']:
ApplicationJava().prepare_env('empty')
conf = {
"listeners": {"*:8080": {"pass": "applications/empty"}},
"applications": {
"empty": {
"unit_jars": f"{option.current_dir}/build",
"type": "java",
"processes": {"spare": 0},
"working_directory": f"{option.temp_dir}/java/empty/",
"webapp": f"{option.temp_dir}/java",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'node' in available['modules']:
ApplicationNode().prepare_env('basic')
conf = {
"listeners": {"*:8080": {"pass": "applications/basic"}},
"applications": {
"basic": {
"type": "external",
"processes": {"spare": 0},
"working_directory": f"{option.temp_dir}/node",
"executable": "app.js",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'perl' in available['modules']:
conf = {
"listeners": {"*:8080": {"pass": "applications/body_empty"}},
"applications": {
"body_empty": {
"type": "perl",
"processes": {"spare": 0},
"working_directory": f"{option.test_dir}/perl/body_empty",
"script": f"{option.test_dir}/perl/body_empty/psgi.pl",
"isolation": {"namespaces": {"credential": True}},
}
},
}
else:
return False
resp = http.put(
url='/config',
sock_type='unix',
addr=f'{option.temp_dir}/control.unit.sock',
body=json.dumps(conf),
)
if 'success' not in resp['body']:
return False
userns = getns('user')
if not userns:
return False
isolation = {'user': userns}
path_clone = Path('/proc/sys/kernel/unprivileged_userns_clone')
if (
path_clone.exists()
and path_clone.read_text(encoding='utf-8').rstrip() == '1'
):
isolation['unprivileged_userns_clone'] = True
for ns in allns:
ns_value = getns(ns)
if ns_value:
isolation[ns] = ns_value
return isolation
Reference in New Issue View Git Blame Copy Permalink