コード例 #1
0
def test_not_all_ns_container(capfd):
    """Check all namespaces without network ns.

    ```
    bash# mount -t proc proc /proc
    bash# ps ax
    PID TTY      STAT   TIME COMMAND
    1  pts/3    S      0:00 bash
    22 pts/3    R+     0:00 ps ax
    ```

    """
    cmd = "mount -t proc proc /proc; ps ax; sleep 0.1"
    c = Container(target=execute, args=(('bash', '-c', cmd),),
                  uid_map='0 1000 1', all=True, net=False
                  )
    c.start()
    out, err = capfd.readouterr()
    out0 = s.check_output("ifconfig -a", shell=True)
    i = Inject(target=execute, args=(('ifconfig', '-a'),),
                target_pid=c.pid, all=True
                )
    i.start()
    i.join()
    c.join()
    out, err = capfd.readouterr()
    print(out0)
    print(out, err)
    assert out != out0
コード例 #2
0
def test_all_inject(capfd):
    """Check all ns inject"""
    c = Container(target=execute, args=(('bash','-c',
                'mount -t proc /proc; sleep 0.1'),),
                uid_map='1000', all=True
                )
    c.start()
    i = Inject(target=execute, args=(('bash', '-c', 'id'),),
                target_pid=c.pid, all=True
                )
    i.start()
    i.join()
    c.join()
    out, err = capfd.readouterr()
    print(out, err)
    assert out.split()[:2] == ["uid=0(root)", "gid=65534(nogroup)"]
コード例 #3
0
def test_not_all_inject(capfd):
    """Check inject without network ns"""
    c = Container(target=execute, args=(('bash','-c',
                'mount -t proc /proc; sleep 2'),),
                uid_map='1000', all=True, net=False
                )
    c.start()
    out0 = s.check_output("ifconfig -a", shell=True)
    i = Inject(target=execute, args=(('ifconfig', '-a'),),
                target_pid=c.pid, all=True
                )
    i.start()
    i.join()
    c.join()
    out, err = capfd.readouterr()
    print(out0)
    print(out, err)
    assert out != out0
コード例 #4
0
def test_not_all_ns_container(capfd):
    """Check all namespaces without network ns.

    ```
    bash# mount -t proc proc /proc
    bash# ps ax
    PID TTY      STAT   TIME COMMAND
    1  pts/3    S      0:00 bash
    22 pts/3    R+     0:00 ps ax
    ```

    """
    cmd = "mount -t proc proc /proc; ps ax; sleep 0.1"
    c = Container(target=execute,
                  args=(('bash', '-c', cmd), ),
                  uid_map='0 1000 1',
                  all=True,
                  net=False)
    c.start()
    out, err = capfd.readouterr()
    out0 = s.check_output("ifconfig -a", shell=True)
    i = Inject(target=execute,
               args=(('ifconfig', '-a'), ),
               target_pid=c.pid,
               all=True)
    i.start()
    i.join()
    c.join()
    out, err = capfd.readouterr()
    print(out0)
    print(out, err)
    assert out != out0
コード例 #5
0
def test_all_inject(capfd):
    """Check all ns inject"""
    c = Container(target=execute,
                  args=(('bash', '-c', 'mount -t proc /proc; sleep 0.1'), ),
                  uid_map='1000',
                  all=True)
    c.start()
    i = Inject(target=execute,
               args=(('bash', '-c', 'id'), ),
               target_pid=c.pid,
               all=True)
    i.start()
    i.join()
    c.join()
    out, err = capfd.readouterr()
    print(out, err)
    assert out.split()[:2] == ["uid=0(root)", "gid=65534(nogroup)"]
コード例 #6
0
def test_not_all_inject(capfd):
    """Check inject without network ns"""
    c = Container(target=execute,
                  args=(('bash', '-c', 'mount -t proc /proc; sleep 2'), ),
                  uid_map='1000',
                  all=True,
                  net=False)
    c.start()
    out0 = s.check_output("ifconfig -a", shell=True)
    i = Inject(target=execute,
               args=(('ifconfig', '-a'), ),
               target_pid=c.pid,
               all=True)
    i.start()
    i.join()
    c.join()
    out, err = capfd.readouterr()
    print(out0)
    print(out, err)
    assert out != out0