From 78c68b84dfc22eec233a607a6b596602487799d7 Mon Sep 17 00:00:00 2001
From: Adam Gandelman <adamg@canonical.com>
Date: Wed, 25 Jan 2012 12:27:05 -0800
Subject: rootwrap: Fix KillFilter matching

The match() method in the KillFilter is a bit buggy. Since most/many
run through this logic in their way to being matched, it creates subtle
issues elsewhere, specifically during linux_net bridge creation.  This
fixes two issues.

1. userargs gets elements directly popped off of it.  If the KillFilter
does not match the command its checking, the later filter that does is missing
one argument.
2. Type error on pid when checking /proc, this was causing issues on instance
tear down / kill -HUP'ing dnsmasq.

Fixes bug 921784

Change-Id: I058ff2276e3154e8c1f6cc7077fa485db60e5827
---
 nova/rootwrap/filters.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/nova/rootwrap/filters.py b/nova/rootwrap/filters.py
index 05eaf7676..d16fc9a57 100755
--- a/nova/rootwrap/filters.py
+++ b/nova/rootwrap/filters.py
@@ -100,19 +100,20 @@ class KillFilter(CommandFilter):
     """
 
     def match(self, userargs):
-        if len(userargs) == 3:
-            signal = userargs.pop(1)
+        args = list(userargs)
+        if len(args) == 3:
+            signal = args.pop(1)
             if signal not in self.args[0]:
                 # Requested signal not in accepted list
                 return False
         else:
-            if len(userargs) != 2:
+            if len(args) != 2:
                 # Incorrect number of arguments
                 return False
             if '' not in self.args[0]:
                 # No signal, but list doesn't include empty string
                 return False
-        pid = userargs[1]
+        pid = int(args[1])
         try:
             command = os.readlink("/proc/%d/exe" % pid)
             if command not in self.args[1]:
-- 
cgit