istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tools/istio-iptables/pkg/dependencies/implementation_linux_test.go (about) 1 // Copyright Istio Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package dependencies 16 17 import ( 18 "testing" 19 20 // Create a new network namespace. This will have the 'lo' interface ready but nothing else. 21 _ "github.com/howardjohn/unshare-go/netns" 22 // Create a new user namespace. This will map the current UID to 0. 23 _ "github.com/howardjohn/unshare-go/userns" 24 "github.com/vishvananda/netns" 25 26 "istio.io/istio/pkg/test/util/assert" 27 "istio.io/istio/pkg/test/util/file" 28 ) 29 30 func TestRunInSandbox(t *testing.T) { 31 original := file.AsStringOrFail(t, "/etc/nsswitch.conf") 32 var sandboxed string 33 34 originalNetNS, err := netns.Get() 35 assert.NoError(t, err) 36 var sandboxedNetNS netns.NsHandle 37 38 // Due to unshare-go imports above, this can run 39 assert.NoError(t, runInSandbox("", func() error { 40 // We should have overwritten this file with /dev/null 41 sandboxed = file.AsStringOrFail(t, "/etc/nsswitch.conf") 42 sandboxedNetNS, err = netns.Get() 43 assert.NoError(t, err) 44 return nil 45 })) 46 after := file.AsStringOrFail(t, "/etc/nsswitch.conf") 47 assert.Equal(t, sandboxed, "") 48 assert.Equal(t, original, after) 49 assert.Equal(t, originalNetNS.Equal(sandboxedNetNS), true) 50 }