From 50c32af5a366bfd5c3a74c468ed47f97684372ab Mon Sep 17 00:00:00 2001 From: Adrian Likins Date: Tue, 25 Sep 2007 13:07:54 -0400 Subject: Be a bit more paranoid about sub processes. Before we could just send "aux; some_arbitrary_command_here" and "some_arbitrary_command_here" would get executed. Also, for some reason, if we send process.kill just one argument, it kills funcd dead. I'm not sure why currently --- modules/process.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/process.py b/modules/process.py index 1accbf5..2c40f9b 100755 --- a/modules/process.py +++ b/modules/process.py @@ -40,7 +40,9 @@ class ProcessModule(func_module.FuncModule): flags.replace(";","") # prevent stupidity - cmd = sub_process.Popen("ps %s" % flags,stdout=sub_process.PIPE,shell=True) + + #FIXME: we need to swallow stdout/stderr as well, right now it spews to the console + cmd = sub_process.Popen(["/bin/ps", flags] ,executable="/bin/ps", stdout=sub_process.PIPE,shell=False) data = cmd.communicate()[0] results = [] @@ -51,13 +53,14 @@ class ProcessModule(func_module.FuncModule): return results + def kill(self,pid,level=""): - rc = sub_process.call("/bin/kill %s %s" % (pid, level), shell=True) + rc = sub_process.call(["/bin/kill", pid, level], executable="/bin/kill", shell=False) return rc def pkill(self,name,level=""): # example killall("thunderbird","-9") - rc = sub_process.call("/usr/bin/pkill %s %s" % (name, level), shell=True) + rc = sub_process.call(["/usr/bin/pkill", name, level], executable="/usr/bin/pkill", shell=False) return rc methods = ProcessModule() -- cgit From 35c3766557793329b9e1ea31b18ea66830367845 Mon Sep 17 00:00:00 2001 From: Adrian Likins Date: Tue, 25 Sep 2007 13:40:56 -0400 Subject: fix up logging a bit. I was sending the audit logs and the svc logs to the same logger before --- minion/logger.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/minion/logger.py b/minion/logger.py index 1e60dc0..7747824 100755 --- a/minion/logger.py +++ b/minion/logger.py @@ -55,7 +55,8 @@ class Logger(Singleton): self._no_handlers = False -class AuditLogger(Logger): +class AuditLogger(Singleton): + _no_handlers = True def __init__(self, logfilepath = "/var/log/func/audit.log"): self.loglevel = logging.INFO self._setup_logging() @@ -67,6 +68,16 @@ class AuditLogger(Logger): self.logger.info("%s called with %s" % (method, params)) + def _setup_logging(self): + self.logger = logging.getLogger("audit") + + def _setup_handlers(self, logfilepath="/var/log/func/audit.log"): + handler = logging.FileHandler(logfilepath, "a") + self.logger.setLevel(self.loglevel) + formatter = logging.Formatter("%(asctime)s - %(levelname)s - %(message)s") + handler.setFormatter(formatter) + self.logger.addHandler(handler) + self._no_handlers = False -- cgit From 6d5746d617385978fb316ac90cc05eaa0f39b8b9 Mon Sep 17 00:00:00 2001 From: Adrian Likins Date: Tue, 25 Sep 2007 14:20:17 -0400 Subject: catch some potentially bad args to the process.kill method We don't want empty args to end up killing the calling process, aka, funcd, so we filter those out. --- modules/process.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/modules/process.py b/modules/process.py index 2c40f9b..78e5aea 100755 --- a/modules/process.py +++ b/modules/process.py @@ -16,6 +16,7 @@ # other modules import sub_process +import codes # our modules from modules import func_module @@ -54,8 +55,16 @@ class ProcessModule(func_module.FuncModule): return results - def kill(self,pid,level=""): - rc = sub_process.call(["/bin/kill", pid, level], executable="/bin/kill", shell=False) + def kill(self,pid,signal="TERM"): + if pid == "0": + raise codes.FuncException("Killing pid group 0 not permitted") + if signal == "": + # this is default /bin/kill behaviour, it claims, but enfore it anyway + signal = "-TERM" + if signal[0] != "-": + signal = "-%s" % signal + rc = sub_process.call(["/bin/kill",signal, pid], executable="/bin/kill", shell=False) + print rc return rc def pkill(self,name,level=""): -- cgit