From 3d28e3d3f9cc755389c933e86b9be1edf8ba1dc3 Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Fri, 27 Apr 2012 09:36:34 -0400 Subject: [PATCH] Make KillFilter to handle 'deleted' w/o rstrip. The initial code for this fixed used rstrip incorrectly. This implementation uses endswith and rindex instead and should read a bit more easily. Also added a unit test to test that 'deleted' exe's are filtered correctly. Fixes LP Bug #967931. Change-Id: I1783a8e2d59edd35734673b23e295f5a0b80b988 --- nova/rootwrap/filters.py | 3 ++- nova/tests/test_nova_rootwrap.py | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/nova/rootwrap/filters.py b/nova/rootwrap/filters.py index 566c03b56274..a51ecae3dd9b 100755 --- a/nova/rootwrap/filters.py +++ b/nova/rootwrap/filters.py @@ -119,7 +119,8 @@ class KillFilter(CommandFilter): command = os.readlink("/proc/%d/exe" % int(args[1])) # NOTE(dprince): /proc/PID/exe may have ' (deleted)' on # the end if an executable is updated or deleted - command = command.rstrip(" (deleted)") + if command.endswith(" (deleted)"): + command = command[:command.rindex(" ")] if command not in self.args[1]: # Affected executable not in accepted list return False diff --git a/nova/tests/test_nova_rootwrap.py b/nova/tests/test_nova_rootwrap.py index ee687eacde4a..ca2626b24dac 100644 --- a/nova/tests/test_nova_rootwrap.py +++ b/nova/tests/test_nova_rootwrap.py @@ -103,6 +103,20 @@ class RootwrapTestCase(test.TestCase): usercmd = ['kill', 'notapid'] self.assertFalse(f.match(usercmd)) + def test_KillFilter_deleted_exe(self): + """Makes sure deleted exe's are killed correctly""" + # See bug #967931. + def fake_readlink(blah): + return '/bin/commandddddd (deleted)' + + f = filters.KillFilter("/bin/kill", "root", + [""], + ["/bin/commandddddd"]) + usercmd = ['kill', 1234] + # Providing no signal should work + self.stubs.Set(os, 'readlink', fake_readlink) + self.assertTrue(f.match(usercmd)) + def test_ReadFileFilter(self): goodfn = '/good/file.name' f = filters.ReadFileFilter(goodfn)