Commit Graph

54 Commits

Author SHA1 Message Date
Hervé Beraud 43ab5ad7a7 Add coreutils as valid value to fix KillFilter test
In containerized RHEL 9 environment the KillFilter test started to fail
because `os.readlink("/proc/<pid-of-cat>/exe")` returns /usr/bin/coreutils.

Indeed cat is part of the coreutils package and the symlink of
this file points toward coreutils. Fixing this bug by adding
coreutils as a possible returned value for our tests.

Closes-Bug: #2037383
Change-Id: I141eb15efa30c7df3ca5419b594097f4b683663c
2023-10-16 09:29:07 +02:00
David Vallee Delisle 1b1b960d0d CommandFilter should allow exec from full path
The current logic prevents using a full path as an argument.
We can't just compare basename to basename as it would allow passing
bogus paths. We need to make sure that passing a full path will compare
to the config's full path.

Closes-Bug: #1956606

Change-Id: I76094065de5b37f59a2500fbce7f500ada9915da
2022-01-13 08:45:09 -05:00
wangzihao 0e62293a43 Remove six
Replace the following items with Python 3 style code.

- six.moves
- six.StringIO

Change-Id: Ie06dc3b6cc5a3d88defa4fdfd071ed2c9dcfb1d0
2020-10-09 09:19:18 +08:00
wangzihao 81352d08e9 Remove six.PY3
The Python 2.7 Support has been dropped since Ussuri.
So remove hacking rules for compatibility between python 2 and 3.

Change-Id: Idd6a1efd1857a70fc7d960b365bfc58d6cbe00d3
2020-09-30 16:34:20 +08:00
Hervé Beraud 9caec06faf Stop to use the __future__ module.
The __future__ module [1] was used in this context to ensure compatibility
between python 2 and python 3.

We previously dropped the support of python 2.7 [2] and now we only support
python 3 so we don't need to continue to use this module and the imports
listed below.

Imports commonly used and their related PEPs:
- `division` is related to PEP 238 [3]
- `print_function` is related to PEP 3105 [4]
- `unicode_literals` is related to PEP 3112 [5]
- `with_statement` is related to PEP 343 [6]
- `absolute_import` is related to PEP 328 [7]

[1] https://docs.python.org/3/library/__future__.html
[2] https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html
[3] https://www.python.org/dev/peps/pep-0238
[4] https://www.python.org/dev/peps/pep-3105
[5] https://www.python.org/dev/peps/pep-3112
[6] https://www.python.org/dev/peps/pep-0343
[7] https://www.python.org/dev/peps/pep-0328

Change-Id: I79f231823939e421a04377ca19e2e65b12d9b26a
2020-06-02 20:40:20 +02:00
Rodolfo Alonso Hernandez ee39ce31af Avoid raising a RuntimeError during the shutdown
When the client stops, it sends a shutdown command to the root daemon.
If the socket is still in use, it will return a RuntimeError and
stop the code execution.

Instead of this, this exception is now captured and the shutdown
command re-executed up to 3 times. In case of not succeeding, the
process will continue the client shutdown.

Change-Id: I0302b49e38523d6170be407d4563928cfcc3c1a3
Closes-Bug: #1878222
2020-05-13 15:21:33 +00:00
Andreas Jaeger 4445f3296b Update hacking for Python3
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.

Fix problems found.

Remove hacking and friends from lower-constraints, they are not needed
for installation.

Change-Id: If75153300f07e6d1c5bf433af35a0dd4d98e6c7f
2020-04-02 15:05:26 +02:00
Sean McGinnis fd21b6e096 Use unittest.mock instead of third party mock
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.

Change-Id: Icd7019c924386fb9c047fc55fb98e45fcb79f2eb
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
2020-03-31 14:44:54 -05:00
Rodolfo Alonso Hernandez 23a534b9f5 Implement "realpath" to retrieve the real absolute path
This function will call "os.path.realpath" and this in turn could call
"os.getcwd". If the current path has been deleted by another application,
this method will raise a FileNotFoundError exception. This new function
catches and unsets this exception, returning an empty string.

Change-Id: If70411d8d189de4a020e528cd54412a5678cfab9
Closes-Bug: #1864090
2020-02-21 15:28:23 +00:00
Jeffrey Zhang c9a57aab08 reap rootwrap daemon process when it is timeout
When the daemon process times out, it will kill itself. But the parent
doesn't reap it. This patch adds a thread to wait for the process to be done
once the daemon is started.

Closes-Bug: #1850241
Change-Id: Ic209b8ef86c2522ce7e4bd81ac57bf13f1706a81
2019-11-10 23:50:28 +00:00
Zuul 1ddc8747f4 Merge "Always close all passed in fds beyond sensible_fd_limit on launch" 2019-05-08 17:44:23 +00:00
Dirk Mueller 5259c08c09 Always close all passed in fds beyond sensible_fd_limit on launch
Change Idd98c183eca3e2df8648fc0f37d27fe9cc6d0563 stopped closing
file descriptors beyond the sensible_fd_limit. With this patch
the previous behavior is restored. We can close the fds more efficiently
by just iterating over /proc/self/fd on Linux and only change
the rlimit/MAXFD setting when successful.

Change-Id: I3b481ddd14ae2b948270d715aad157cf3996def7
2019-03-23 11:30:30 +01:00
jacky06 a84402e79f Update hacking version
Use latest release 1.1.0 and compatible changes w.r.t pep8

Change-Id: Ib78453ccb8fe3fa16d35bb49dd443cd6628ff932
2019-03-06 22:39:45 +08:00
Lucian Petrut 8f148f5e9e Fix portability issue
The use of the "resource" module now prevents oslo.rootwrap from
being imported on Windows.

Although oslo.rootwrap is not effectively used on Windows, it's
important for it to at least be importable, since it's widely
used throughout OpenStack projects without having platform checks
in place.

This change checks if the "resource" module is available before
attempting to use it.

Change-Id: I2391315f77718a3c9eb9fc8c03a6882237f33548
Closes-Bug: #1804639
2018-11-22 13:22:52 +02:00
Dirk Mueller c0a8699820 Run rootwrap with lower fd ulimit by default
On Python 2.x, a subprocess.Popen() with close_fds=True will
fork and then close file descriptors range(3..os.sysconf("SC_OPEN_MAX")),
which thanks to Kernel PTI (Kaiser patches) is significantly slower
in 2018 when the range is very large. With a soft limit of 1048576,
benchmark.py reports an overhead of ~ 400ms without this patch and 2ms
with the patch applied. This patch adds a configuration option and
sets a more sensible default of 1024 file descriptor limit by default.

Closes-Bug: 1796267
Change-Id: Idd98c183eca3e2df8648fc0f37d27fe9cc6d0563
2018-10-09 12:12:46 +02:00
Daniel Alvarez ed125c0c1c Make IpNetnsExecFilter more strict to detect aliases
Currently, this filter only takes into account 'ip netns exec' as
input but this command accepts different aliases like 'ip net e' or
'ip netn ex', etcetera. This is a security issue since bypassing
this filter basically allows anyone to execute arbitrary commands
because IpFilter will get hit and there's not going to be any
further checks against CommandFilters.

Change-Id: I2f6e55de4e60f2d3a6166c2fefbc31e9afc6c26f
Closes-Bug: 1765734
Co-Authored-By: Jakub Libosvar <jlibosva@redhat.com>
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
2018-05-10 12:40:29 +00:00
ChangBo Guo(gcb) 24156a438f Add bandit to pep8 job
Add the bandit security scanner to the pep8 job.
* convert assert statement to raise AssertionError
* Don't hard code '/tmp' in test
* skip B404

Change-Id: Ie30163d32dc6884667f0725f5aced809c0de82d0
2017-12-13 11:25:50 +08:00
Thierry Carrez 574dede5ef Ignore syslog settings if /dev/log is not present
When journald crashes, the /dev/log socket is not present
and rootwrap calls fail with an unclear error message.

Ignore syslog configuration, log a warning and proceed in
those cases.

Change-Id: I4152593696ad63a977f127da3b00934feb14b069
Closes-Bug: #1730949
2017-11-23 15:38:16 +01:00
IWAMOTO Toshihiro 7711a6ce31 Protect rootwrap daemon socket against multiple threads
Wrap the call with eventlet.Semaphore. Simultaneous Client.execute
calls can fail badly. Alternatively, rootwrap daemon connections
could be made every time when Client.execute is called, without
using a semaphore.

Change-Id: Id9d38832c67f2d81d382cda797a48fee943a27f1
Closes-bug: #1654287
2017-11-10 13:55:26 +09:00
Corey Bryant 395a3a8075 Fix test_daemon_no_cleanup_for_uninitialized_server
When mocking daemon_start(), define a string return value for
tempfile.mkdtemp(), ensuring temp_dir is a string when passed to
os.path.join(temp_dir, "rootwrap.sock").

Change-Id: I502c9cc53f40cbea89243a2321d1bc63f05e7c7b
Closes-Bug: 1709505
2017-08-17 08:30:43 -04:00
Jenkins fc5b2a9995 Merge "Allow rootwrap-daemon to timeout and exit" 2017-03-07 14:32:10 +00:00
Jenkins a9ad4ec0f9 Merge "Don't open subdirectories rootwrap filter directories" 2017-03-02 21:58:29 +00:00
IWAMOTO Toshihiro 6285b63572 Allow rootwrap-daemon to timeout and exit
If the client side abnormally exits, its rootwrap daemon cannot
receive a shutdown message and will be left forever. Let it timeout
and exit to save such cases.

Change-Id: I783717b5fa019371747b98bf92965b6e689603f6
Related-bug: #1658973
Related-bug: #1658977
Related-bug: #1663458
2017-03-02 10:58:04 +09:00
Stephen Ma 0694fbc7a9 Don't open subdirectories rootwrap filter directories
A rootwrap filter directory may contain subdirectories. The rootwrap
daemon will crash when it tries to load filters from subdirectories.
So subdirectories should be skipped.

Change-Id: I4f618734300bf5eb81282fbf8fc213f995a4fe59
2017-02-28 04:34:00 -08:00
Jenkins 0fa59b04e8 Merge "Avoid importing Linux specific modules on Windows" 2017-02-25 19:53:56 +00:00
Claudiu Belu 847c28abcf Avoid importing Linux specific modules on Windows
oslo.rootwrap currently imports a few Linux-specific modules, which
means that any services importing oslo.rootwrap modules will fail to
start on Windows (e.g.: neutron-ovs-agent).

Change-Id: I229c311939facdffdcde484f590e980102024b5a
Closes-Bug: #1661326
2017-02-23 16:46:50 +00:00
XianChaobo a76f5daad9 Always check cmd which does not exist
In daemon mode, if we run a cmd which does not exist,
it will raise an Exception. But when we install the
cmd later and run the cmd, it still raises an Exception.
The only workaround right now is to restart the
daemon. With this change, we can avoid restarting
the daemon.

Closes-Bug: #1663216
Change-Id: I6f6ff540ed103f0fec329d6264bdac26493c8fad
2017-02-13 09:45:30 +08:00
Davanum Srinivas 82755ebbc2 pbr.version.VersionInfo needs package name (oslo.xyz and not oslo_xyz)
We need to pass into VersionInfo what one would expect from running:
 setup.py --name

Right now we pass in say oslo_context and pbr fails if there is no .git in
the python source tree

Closes-Bug: #1662266

Change-Id: I9bdf6a792cb18432268e6aaaa509e25119775597
2017-02-06 12:49:21 -05:00
Ralf Haferkamp 458d79b61a [daemon] Close inherited filedescriptors after forking
We don't want to keep listening on the parent's sockets (e.g. when
started by neutron-openvswitch agent) after forking the rootwrap
daemon.

Closes-Bug: #1658973
Change-Id: I3e364e9d3ad4e2fcd6f4d8f52f847ec9fa944572
2017-01-25 09:44:41 +01:00
Davanum Srinivas 7a2610d6d6 Relax default strict option under python3.x for configparser
Looks like things changed in 3.2:
"In previous versions of configparser behaviour matched strict=False."
from:
https://docs.python.org/3/library/configparser.html

Closes-Bug: #1652157

Change-Id: Iffb058b72b14b7535c501d5bf03b8f3576443b34
2016-12-22 17:27:40 -05:00
howardlee ccef06cd5b [TrivialFix] Replace 'assertFalse(a in b)' with 'assertNotIn(a, b)'
Change-Id: I11e5f2db80249f5ff8275da97458e9455319ddfe
2016-10-20 16:13:27 +08:00
Thomas Bechtold 16c22e9b1a Fix running unknown commands in daemon mode
Running an unknown command (which is mentioned in the filter
but not available on the filesystem) leads currently to an exception.
Make sure that the return codes for both, daemon and non-daemon mode
are equal when running the same command.
Also add functional tests for this case.

Change-Id: I20004c3c370d004b5b76f4c8f8ab167d0949fabf
Closes-Bug: #1632768
2016-10-18 06:50:44 +02:00
Jenkins a1487259fd Merge "Add reno for release notes management" 2016-09-14 16:20:10 +00:00
Victor Stinner 04e2cd00d7 Enhance _program() and _program_path()
* _program_path() now uses shutil.which() if available
  (Python 3.3 and newer)
* Convert _program_path() to static method (self is not needed)
* Explain when os.readlink("/proc/pid/exe") result can contain NUL
  byte followed by junk data
* PATH environment variable: use os.defpath if PATH is not set
  (as shutil.which())
* Update test_KillFilter_renamed_exe() for Python 3 using
  shutil.which(): mock also os.path.exists() and os.access()
* test_KillFilter_upgraded_exe(), test_KillFilter_renamed_exe(): use
  @mock.patch() decorator
* Cleanup the code

Change-Id: I91a7a8505380d4aeae7b2c0b3199e25b17b96888
2016-08-19 12:45:21 +02:00
yan.haifeng a46b731c8a Fix parameters of assertEqual are misplaced
Many assertEqual sentences don't follow assertEqual(expected, actual).
These misplacements have 2 impacts:
1. giving confusing messages when some tests fail.
2. misleading other developers; new test modules may follow these wrong patterns.

This patch fixes all of them.

Change-Id: I4adfc98d6eecd5ea117d725775b2476b237212d9
Closes-Bug: #1604213
2016-08-02 14:25:52 +08:00
Sean Dague 37c2a041d3 always allow privsep-helper as a command
To support the seamless transition from oslo.rootwrap to oslo.privsep
across multiple projects: nova, neutron, cinder, and libraries os-vif,
os-brick we need to be able to execute privsep-helper as root from
rootwrap.

Rootwrap's use of etc (by default) for rules makes the upgrade path
very manual for operators. Given that every project is going to add
the same privsep-helper rule at some point over the next few cycles,
instead of making every project have to have a manual update process,
we just whitelist privsep-helper. This will immediately make it
available for all, and upgrades become far more seamless.

Change-Id: If8b60f2d671b9d12c58226019d787917efaedd9c
2016-07-20 15:56:31 -07:00
Kirill Bespalov 1c110e0398 Add reno for release notes management
An initial patch to add reno and create a base directory for
release notes

Change-Id: I14222756c84e0d2161fea5f4df75d78cd00dccb4
2016-06-30 09:59:31 +00:00
Ronald Bradford 6d104a3b41 Remove unused use-syslog-rfc-format option
Remove this option that appears ignored. For reference by similar name
only, this option is marked as deprecated and to be removed from oslo.log
in Mitaka. Refer to I9b77899fe437d359df2a15961866b194b564ca48.

Change-Id: I9a97b53d829a9ca6b92ee4b545f616a3bc5b25be
2016-02-04 18:37:40 +00:00
ChangBo Guo(gcb) c644308296 Drop python 2.6 support
* Use weakref.WeakSet
* Use memoryview
* Allow test_graceful_death for eventlet

Change-Id: I46651c2e84e2ef0057d338841bf4981e61cdc257
2015-11-26 21:00:29 +08:00
fumihiko kakuma a1725700ab Python 3: encode or decode i/o data of Popen.communicate()
In Python 3, input and output for Popen.communicate() is bytes type.
Therefore, encode input data and decode return data for Popen.communicate().

Change-Id: Id6d85eea4c771ac9756ef08ba80ebc09005fcc3e
Related Change-Id: I70f009e3366f0eeda5790652ea14f3627b934664
2015-10-19 14:02:52 +09:00
Victor Stinner 31cfdbd407 Fix Python 3 support for eventlet monkey-patching
Use eventlet.green.subprocess if eventlet is used and enable eventlet
tests on Python 3.

This change adds oslo_rootwrap.subprocess which is
eventlet.green.subprocess if eventlet monkey-patching is enabled or
if the TEST_EVENTLET environment variable is set, or subprocess of
the Python standard library otherwise.

When eventlet is used (with monkey-patching or not), it's more
reliable to use eventlet.green.subprocess instead of using directly
subprocess from the Python standard library.

On Python 2, it "works" to use directly subprocess: subprocess.Popen
calls os.pipe() and os.fdopen(fd) which are both monkey-patched. On
Python 3, it doesn't work because subprocess uses os.pipe() and
io.open(fd), and the io module is *not* monkey-patched at all.

Change-Id: Ib859bebe52612b35f0f1f53aedf76222683795e7
2015-10-13 21:51:47 +02:00
Victor Stinner 6f424f73cd Fix Python 3 issues in tests
* get StringIO from six.StringIO to support Python 2 and Python 3
* Replace "__builtin__.open" with "six.moves.builtins.open" to mock
  open()
* Workaround a Python 3.4.0 regression: get the log level directly
  from logging._nameToLevel instead of using logging.getLevelName().

Replace Python 3.3 with Python 3.4:

* tox.ini: replace py33 test environment with py34
* setup.cfg: replace "Programming Language :: Python :: 3.3"
  classifier with "Programming Language :: Python :: 3.4"

Change-Id: Ied495f5867f47eee57b64ab35c0423913ee17d6e
2015-10-12 10:07:53 +02:00
Jenkins fd421602d4 Merge "Python 3: Don't use BaseException.message attribute" 2015-10-04 23:19:53 +00:00
Zhao Lei 1c5842fa30 Fix some spelling typo in manual
explicitely -> explicitly
priviledges -> privileges
for README.rst

Plus some source comment fix.

Change-Id: Ibbe08d01e0cd380604fbd43786c8adb0ac9765f1
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
2015-09-24 17:53:40 +08:00
fumihiko kakuma 6af1b2178f Python 3: Don't use BaseException.message attribute
In Python 3, BaseException.message is removed.
So we use args attribute instead.

Change-Id: I8f97c0b0452f348acef20e9d248f02b83cec2562
2015-08-26 16:40:42 +09:00
Pádraig Brady e5f9a393ce Handle renamed executables with KillFilter
A running process may refer to a renamed executable
referenced by /proc/$pid/exe, which happens with
updated executables on RPM based systems.
In that case we defer to the path in /proc/$pid/cmdline
if it exists.

Change-Id: I113f2f8ebd56f3b05c420310c4b1e84ba6f17fcf
Closes-Bug: 1482316
2015-08-18 15:33:14 -07:00
Jenkins 62ea46f625 Merge "daemon: avoid raising UnboundLocalError to callers" 2015-06-25 13:31:25 +00:00
Ihar Hrachyshka e0bf7767da daemon: avoid raising UnboundLocalError to callers
If something in the daemon_start() function fails before server variable
is initialized, we get the following exception:

UnboundLocalError: local variable 'server' referenced before assignment

We should not attempt to close connections or kill all threads for a
daemon that failed to start (or that hasn't even reached the moment of
the start).

Closes-Bug: #1465350
Change-Id: I7769e40c13e3bd740d5b8a949a61d1bcc127f137
2015-06-23 13:21:12 +02:00
Jakub Libosvar 29f46a4a15 Log that rootwrap was spawned after check
If the rootwrap daemon fails to spawn then it's still logged as if it was
spawned, because the process is wrapped by sudo, which is actually spawned. That
is confusing when debugging. This patch moves the logging message after
it's re-checked whether the process was actually spawned.

Change-Id: I1b60e727e5dc90335dabf96877a60e685b7e9a2d
2015-06-19 16:08:19 +02:00
Yuriy Taraday e1c139f08f Remove mentions of root "tests" package from test_funcional_*
Change-Id: I0b52269cf62d570dd894b9fdf563bcf66effa5de
2015-05-02 21:47:07 +03:00