Merge "Update KillFilter to stop at '\0' for readlink() function."

2 files changed, 16 insertions, 0 deletions

diff --git a/openstack/common/rootwrap/filters.py b/openstack/common/rootwrap/filters.py
index 58121cb..ae7c62c 100644
--- a/openstack/common/rootwrap/filters.py
+++ b/openstack/common/rootwrap/filters.py
@@ -194,6 +194,10 @@ class KillFilter(CommandFilter):
                 return False
         try:
             command = os.readlink("/proc/%d/exe" % int(args[1]))
+            # NOTE(yufang521247): /proc/PID/exe may have '\0' on the
+            # end, because python doen't stop at '\0' when read the
+            # target path.
+            command = command.split('\0')[0]
             # NOTE(dprince): /proc/PID/exe may have ' (deleted)' on
             # the end if an executable is updated or deleted
             if command.endswith(" (deleted)"):
diff --git a/tests/unit/test_rootwrap.py b/tests/unit/test_rootwrap.py
index ea6ccbb..5a5d9ca 100644
--- a/tests/unit/test_rootwrap.py
+++ b/tests/unit/test_rootwrap.py
@@ -134,6 +134,18 @@ class RootwrapTestCase(utils.BaseTestCase):
         self.stubs.Set(os, 'readlink', fake_readlink)
         self.assertTrue(f.match(usercmd))
 
+    def test_KillFilter_upgraded_exe(self):
+        """Makes sure upgraded exe's are killed correctly"""
+        # See bug #1179793.
+        def fake_readlink(blah):
+            return '/bin/commandddddd\0\05190bfb2 (deleted)'
+
+        f = filters.KillFilter("root", "/bin/commandddddd")
+        usercmd = ['kill', 1234]
+
+        self.stubs.Set(os, 'readlink', fake_readlink)
+        self.assertTrue(f.match(usercmd))
+
     def test_ReadFileFilter(self):
         goodfn = '/good/file.name'
         f = filters.ReadFileFilter(goodfn)