diff options
| author | Vishvananda Ishaya <vishvananda@gmail.com> | 2012-02-03 15:44:29 -0800 |
|---|---|---|
| committer | Vishvananda Ishaya <vishvananda@gmail.com> | 2012-02-07 17:05:30 -0800 |
| commit | 4ce6645f08fffa194f76e5d4105bfb77b6c8cd14 (patch) | |
| tree | a2caf83fcb309a1f2027d8b6cb2c5aeb460a761a /nova | |
| parent | b0a708f67407256a449414a000b070752e51dba2 (diff) | |
| download | nova-4ce6645f08fffa194f76e5d4105bfb77b6c8cd14.tar.gz nova-4ce6645f08fffa194f76e5d4105bfb77b6c8cd14.tar.xz nova-4ce6645f08fffa194f76e5d4105bfb77b6c8cd14.zip | |
Makes sure killfilter doesn't raise ValueError
* Fixes bug 926412
* Includes failing test
Change-Id: Ie0105ff777575d6dd794ce5b5e08545fb54ecf8b
Diffstat (limited to 'nova')
| -rwxr-xr-x | nova/rootwrap/filters.py | 7 | ||||
| -rw-r--r-- | nova/tests/test_nova_rootwrap.py | 10 |
2 files changed, 14 insertions, 3 deletions
diff --git a/nova/rootwrap/filters.py b/nova/rootwrap/filters.py index faaeb11f7..98880194b 100755 --- a/nova/rootwrap/filters.py +++ b/nova/rootwrap/filters.py @@ -100,6 +100,8 @@ class KillFilter(CommandFilter): """ def match(self, userargs): + if userargs[0] != "kill": + return False args = list(userargs) if len(args) == 3: signal = args.pop(1) @@ -113,13 +115,12 @@ class KillFilter(CommandFilter): if '' not in self.args[0]: # No signal, but list doesn't include empty string return False - pid = int(args[1]) try: - command = os.readlink("/proc/%d/exe" % pid) + command = os.readlink("/proc/%d/exe" % int(args[1])) if command not in self.args[1]: # Affected executable not in accepted list return False - except: + except (ValueError, OSError): # Incorrect PID return False return True diff --git a/nova/tests/test_nova_rootwrap.py b/nova/tests/test_nova_rootwrap.py index 38cce3b35..6905bfdc6 100644 --- a/nova/tests/test_nova_rootwrap.py +++ b/nova/tests/test_nova_rootwrap.py @@ -93,6 +93,16 @@ class RootwrapTestCase(test.TestCase): # Providing -9 signal should work self.assertTrue(f.match(usercmd)) + def test_KillFilter_no_raise(self): + """Makes sure ValueError from bug 926412 is gone""" + f = filters.KillFilter("/bin/kill", "root", [""]) + # Providing anything other than kill should be False + usercmd = ['notkill', 999999] + self.assertFalse(f.match(usercmd)) + # Providing something that is not a pid should be False + usercmd = ['kill', 'notapid'] + self.assertFalse(f.match(usercmd)) + def test_ReadFileFilter(self): goodfn = '/good/file.name' f = filters.ReadFileFilter(goodfn) |