Update KillFilter to handle 'deleted' exe's.

Updates KillFilter so that it handles the case where the executable
linked to by /proc/PID/exe is updated or deleted.

Includes new test case with coverage for this fix as well.

Fixes LP Bug #1073768

Change-Id: If568693e0b491f8806ff0156701766929ca0b3e0
This commit is contained in:
Dan Prince 2012-10-31 22:11:42 -04:00
parent 2917884dd5
commit 342de823b2
2 changed files with 18 additions and 0 deletions

View File

@ -158,6 +158,10 @@ class KillFilter(CommandFilter):
try: try:
command = os.readlink("/proc/%d/exe" % int(args[1])) command = os.readlink("/proc/%d/exe" % int(args[1]))
# NOTE(dprince): /proc/PID/exe may have ' (deleted)' on
# the end if an executable is updated or deleted
if command.endswith(" (deleted)"):
command = command[:command.rindex(" ")]
if command != self.args[0]: if command != self.args[0]:
# Affected executable doesn't match # Affected executable doesn't match
return False return False

View File

@ -17,6 +17,7 @@
import os import os
import subprocess import subprocess
import mock
import unittest2 as unittest import unittest2 as unittest
from quantum.common import utils from quantum.common import utils
@ -35,6 +36,9 @@ class RootwrapTestCase(unittest.TestCase):
filters.CommandFilter("/nonexistant/cat", "root"), filters.CommandFilter("/nonexistant/cat", "root"),
filters.CommandFilter("/bin/cat", "root")] # Keep this one last filters.CommandFilter("/bin/cat", "root")] # Keep this one last
def tearDown(self):
super(RootwrapTestCase, self).tearDown()
def test_RegExpFilter_match(self): def test_RegExpFilter_match(self):
usercmd = ["ls", "/root"] usercmd = ["ls", "/root"]
filtermatch = wrapper.match_filter(self.filters, usercmd) filtermatch = wrapper.match_filter(self.filters, usercmd)
@ -112,6 +116,16 @@ class RootwrapTestCase(unittest.TestCase):
usercmd = ['kill', 'notapid'] usercmd = ['kill', 'notapid']
self.assertFalse(f.match(usercmd)) self.assertFalse(f.match(usercmd))
def test_KillFilter_deleted_exe(self):
"""Makes sure deleted exe's are killed correctly"""
# See bug #1073768.
with mock.patch('os.readlink') as mock_readlink:
mock_readlink.return_value = '/bin/commandddddd (deleted)'
f = filters.KillFilter("root", "/bin/commandddddd")
usercmd = ['kill', 1234]
self.assertTrue(f.match(usercmd))
mock_readlink.assert_called_once_with("/proc/1234/exe")
def test_ReadFileFilter(self): def test_ReadFileFilter(self):
goodfn = '/good/file.name' goodfn = '/good/file.name'
f = filters.ReadFileFilter(goodfn) f = filters.ReadFileFilter(goodfn)