Ionel and Holger, I had considered the --box option, but it only implements process-level isolation which is not enough for my use case as I want to protect also from unrestricted filesystem read/write access. Sorry, I should have mentioned it in the question.
Holger's suggestion instead looks almost good enough as user-level isolation is strong and highly customizable. The only problem is that you need administration access to the machine to create and configure a new user. I'll look into it as I've never used the --tx option. Thanks, Alessandro On Thu, 11 Feb 2016 at 10:44 holger krekel <[email protected]> wrote: > On Thu, Feb 11, 2016 at 11:39 +0200, Ionel Cristian Mărieș wrote: > > There's the `--boxed` option (from > https://pypi.python.org/pypi/pytest-xdist) > > but you can easily do your own "insulator" by using fork syscall. > > Also one can use plain "xdist" which provides process-level isolation. > It shouldn't be too hard to also use another unix user via e.g.: > > py.test --tx ssh=OTHERUSER@localhost --dist=each > > but you need to have setup rsyncing, see > https://pypi.python.org/pypi/pytest-xdist > for some more info. The current "remote" test running is a bit limited > and we plan to improve xdist distribution during the upcoming pytest > sprint, > see > https://www.indiegogo.com/projects/python-testing-sprint-mid-2016/x/4034848#/ > creating an issue for "user-level separation of running tests" or something > similar and adding a little donation is one way to help it :) > > best, > holger > > > > > > Thanks, > > -- Ionel Cristian Mărieș, http://blog.ionelmc.ro > > > > On Thu, Feb 11, 2016 at 10:33 AM, Alessandro Amici <[email protected]> > > wrote: > > > > > Hi, > > > > > > I asked the following question on StackOverflow first > > > http://stackoverflow.com/questions/35322452, but someone quickly (and > > > wrongly in my opinion) marked that as duplicate of the general > "sandboxing > > > in python", so I can't get answers there anymore :( > > > > > > Here is the question: > > > > > > I'm interested in executing potentially untrusted tests with pytest in > > > some kind of sandbox, similarly to what continuous integration > services do. > > > > > > I understand that to properly sandbox a python process you need > OS-level > > > isolation, like running the tests in a disposable chroot/container, > but in > > > my use case I don't need to protect against intentionally malicious > code, > > > only from dangerous behaviour of pairing "randomly" functions with > > > arguments. So lesser strict sandboxing may still be acceptable. But I > > > didn't find any plugin that enables any form of sandboxing. > > > > > > What is the best way to sandbox tests execution in pytest? > > > > > > **Update**: This question is not about [python sandboxing in general]( > > > > http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python > ) > > > as the tests' code is run by pytest and I can't change the way it is > > > executed to use `exec` or `ast` or whatever. Also using pypy-sandbox > is not > > > an option unfortunately as it is "a prototype only" as per the [PyPy > > > feature page](http://pypy.org/features.html). > > > > > > End of question. > > > > > > For context I'm writing a pytest plugin that lets you search installed > > > modules for functions that pass the given feature-specification tests > > > (still alpha): > > > > > > https://github.com/alexamici/pytest-wish > > > > > > If you find the question useful and not answered already on > stackoverflow, > > > the best course of action would be to reopen it and answer there, but > I'll > > > take also an answer here :) > > > > > > Alessandro > > > > > > > > > _______________________________________________ > > > pytest-dev mailing list > > > [email protected] > > > https://mail.python.org/mailman/listinfo/pytest-dev > > > > > > > > > _______________________________________________ > > pytest-dev mailing list > > [email protected] > > https://mail.python.org/mailman/listinfo/pytest-dev > > > -- > about me: http://holgerkrekel.net/about-me/ > contracting: http://merlinux.eu >
_______________________________________________ pytest-dev mailing list [email protected] https://mail.python.org/mailman/listinfo/pytest-dev
