Tests: tmpfs automount.

test/go/ns_inspect/app.go

@@ -7,6 +7,7 @@ import (
 	"unit.nginx.org/go"
 	"os"
 	"strconv"
+	"io/ioutil"
 )
 
 type (
@@ -26,6 +27,7 @@ type (
 		GID        int
 		NS         NS
 		FileExists bool
+		Mounts     string
 	}
 )
 
@@ -77,6 +79,11 @@ func handler(w http.ResponseWriter, r *http.Request) {
 		out.FileExists = err == nil
 	}
 
+	if mounts := r.Form.Get("mounts"); mounts != "" {
+		data, _ := ioutil.ReadFile("/proc/self/mountinfo")
+		out.Mounts = string(data)
+	}
+
 	data, err := json.Marshal(out)
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)

test/test_go_isolation.py

@@ -332,7 +332,12 @@ class TestGoIsolation(TestApplicationGo):
         obj = self.getjson(url='/?file=/bin/sh')['body']
         assert obj['FileExists'] == False, 'file should not exists'
 
-    def test_go_isolation_rootfs_default_tmpfs(self, is_su, temp_dir):
+    def test_go_isolation_rootfs_automount_tmpfs(self, is_su, temp_dir):
+        try:
+            open("/proc/self/mountinfo")
+        except:
+            pytest.skip('The system lacks /proc/self/mountinfo file')
+
         if not is_su:
             if not self.isolation_key('unprivileged_userns_clone'):
                 pytest.skip('unprivileged clone is not available')
@@ -357,6 +362,20 @@ class TestGoIsolation(TestApplicationGo):
 
         self.load('ns_inspect', isolation=isolation)
 
-        obj = self.getjson(url='/?file=/tmp')['body']
+        obj = self.getjson(url='/?mounts=true')['body']
 
-        assert obj['FileExists'] == True, 'app has /tmp'
+        assert (
+            "/ /tmp" in obj['Mounts'] and "tmpfs" in obj['Mounts']
+        ), 'app has /tmp mounted on /'
+
+        isolation['automount'] = {
+            'tmpfs': False
+        }
+
+        self.load('ns_inspect', isolation=isolation)
+
+        obj = self.getjson(url='/?mounts=true')['body']
+
+        assert (
+            "/ /tmp" not in obj['Mounts'] and "tmpfs" not in obj['Mounts']
+        ), 'app has no /tmp mounted'