From 5d0dc679d50b2930cd5bca1188e80b643e602e3b Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya
Date: Fri, 3 Feb 2012 15:44:29 -0800
Subject: [PATCH] Makes sure killfilter doesn't raise ValueError
* Fixes bug 926412
* Includes failing test
Change-Id: Ie0105ff777575d6dd794ce5b5e08545fb54ecf8b
---
 nova/rootwrap/filters.py | 7 ++++---
 nova/tests/test_nova_rootwrap.py | 10 ++++++++++
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/nova/rootwrap/filters.py b/nova/rootwrap/filters.py
index faaeb11f..98880194 100755
--- a/nova/rootwrap/filters.py
+++ b/nova/rootwrap/filters.py
@@ -100,6 +100,8 @@ class KillFilter(CommandFilter):
 """
 def match(self, userargs):
+ if userargs[0] != "kill":
+ return False
 args = list(userargs)
 if len(args) == 3:
 signal = args.pop(1)
@@ -113,13 +115,12 @@ class KillFilter(CommandFilter):
 if '' not in self.args[0]:
 # No signal, but list doesn't include empty string
 return False
- pid = int(args[1])
 try:
- command = os.readlink("/proc/%d/exe" % pid)
+ command = os.readlink("/proc/%d/exe" % int(args[1]))
 if command not in self.args[1]:
 # Affected executable not in accepted list
 return False
- except:
+ except (ValueError, OSError):
 # Incorrect PID
 return False
 return True
diff --git a/nova/tests/test_nova_rootwrap.py b/nova/tests/test_nova_rootwrap.py
index 38cce3b3..6905bfdc 100644
--- a/nova/tests/test_nova_rootwrap.py
+++ b/nova/tests/test_nova_rootwrap.py
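Review bot: The new guard at the top of `KillFilter.match` in nova/rootwrap/filters.py indexes `userargs[0]` before checking that the list is non-empty, so an empty argument list raises IndexError, the same kind of uncaught exception this commit sets out to remove. Because this filter decides which commands the wrapper lets through, it should return False on every malformed input: `if not userargs or userargs[0] != "kill":`. The literal `"kill"` is also independent of the path the filter is constructed with (the new test passes `/bin/kill`); whether the base class already ties the two together is not visible here. The body of `match` starts and continues outside this hunk.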
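Review bot: In the second filters.py hunk the PID is validated only implicitly: `int(args[1])` also accepts negative numbers and whitespace-padded strings, and those are refused only because the `/proc/<pid>/exe` lookup then fails. An explicit check keeps the deny path obvious and independent of procfs behaviour: inside the `try`, `pid = int(args[1])`, then `if pid <= 0: return False`, then `os.readlink("/proc/%d/exe" % pid)`. Narrowing the bare `except:` also means an IndexError from `self.args[1]` (a filter built with only a signal list, as in the new test) would now propagate instead of returning False, which deserves a comment if it is intended. The executable check and the later kill are separate steps, so a one-line comment noting that the PID could be reused in between would help the next reader.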
@@ -93,6 +93,16 @@ class RootwrapTestCase(test.TestCase):
 # Providing -9 signal should work
 self.assertTrue(f.match(usercmd))
+ def test_KillFilter_no_raise(self):
+ """Makes sure ValueError from bug 926412 is gone"""
+ f = filters.KillFilter("/bin/kill", "root", [""])
+ # Providing anything other than kill should be False
+ usercmd = ['notkill', 999999]
+ self.assertFalse(f.match(usercmd))
+ # Providing something that is not a pid should be False
+ usercmd = ['kill', 'notapid']
+ self.assertFalse(f.match(usercmd))
+
 def test_ReadFileFilter(self):
 goodfn = '/good/file.name'
 f = filters.ReadFileFilter(goodfn)
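Review bot: Neither case in `test_KillFilter_no_raise` reaches `os.readlink`, so the `OSError` half of the new `except (ValueError, OSError)` is untested: `'notkill'` returns at the name check and `'notapid'` fails in `int()`. A third case using a numeric string that has no `/proc` entry would cover it, and `self.assertFalse(f.match([]))` would pin the empty-list behaviour (as written in filters.py, that call raises IndexError at `userargs[0]`). The first case passes the PID as the int `999999`, whereas arguments arriving from a command line are strings, so `'999999'` would be closer to real input.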