Example #1
0
    def test_KillFilter(self):
        if not os.path.exists("/proc/%d" % os.getpid()):
            self.skipTest("Test requires /proc filesystem (procfs)")
        p = subprocess.Popen(["cat"],
                             stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE,
                             stderr=subprocess.STDOUT)
        try:
            f = filters.KillFilter("root", "/bin/cat", "-9", "-HUP")
            f2 = filters.KillFilter("root", "/usr/bin/cat", "-9", "-HUP")
            usercmd = ['kill', '-ALRM', p.pid]
            # Incorrect signal should fail
            self.assertFalse(f.match(usercmd) or f2.match(usercmd))
            usercmd = ['kill', p.pid]
            # Providing no signal should fail
            self.assertFalse(f.match(usercmd) or f2.match(usercmd))
            # Providing matching signal should be allowed
            usercmd = ['kill', '-9', p.pid]
            self.assertTrue(f.match(usercmd) or f2.match(usercmd))

            f = filters.KillFilter("root", "/bin/cat")
            f2 = filters.KillFilter("root", "/usr/bin/cat")
            usercmd = ['kill', os.getpid()]
            # Our own PID does not match /bin/sleep, so it should fail
            self.assertFalse(f.match(usercmd) or f2.match(usercmd))
            usercmd = ['kill', 999999]
            # Nonexistent PID should fail
            self.assertFalse(f.match(usercmd) or f2.match(usercmd))
            usercmd = ['kill', p.pid]
            # Providing no signal should work
            self.assertTrue(f.match(usercmd) or f2.match(usercmd))

            # verify that relative paths are matched against $PATH
            f = filters.KillFilter("root", "cat")
            # Our own PID does not match so it should fail
            usercmd = ['kill', os.getpid()]
            self.assertFalse(f.match(usercmd))
            # Filter should find cat in /bin or /usr/bin
            usercmd = ['kill', p.pid]
            self.assertTrue(f.match(usercmd))
            # Filter shouldn't be able to find binary in $PATH, so fail
            with fixtures.EnvironmentVariable("PATH", "/foo:/bar"):
                self.assertFalse(f.match(usercmd))
            # ensure that unset $PATH is not causing an exception
            with fixtures.EnvironmentVariable("PATH"):
                self.assertFalse(f.match(usercmd))
        finally:
            # Terminate the "cat" process and wait for it to finish
            p.terminate()
            p.wait()
Example #2
0
 def test_KillFilter_upgraded_exe(self):
     """Makes sure upgraded exe's are killed correctly."""
     f = filters.KillFilter("root", "/bin/commandddddd")
     usercmd = ['kill', 1234]
     with mock.patch('os.readlink') as readlink:
         readlink.return_value = '/bin/commandddddd\0\05190bfb2 (deleted)'
         self.assertTrue(f.match(usercmd))
Example #3
0
 def test_KillFilter_deleted_exe(self):
     """Makes sure deleted exe's are killed correctly."""
     f = filters.KillFilter("root", "/bin/commandddddd")
     usercmd = ['kill', 1234]
     # Providing no signal should work
     with mock.patch('os.readlink') as readlink:
         readlink.return_value = '/bin/commandddddd (deleted)'
         self.assertTrue(f.match(usercmd))
Example #4
0
 def test_KillFilter_no_raise(self):
     """Makes sure ValueError from bug 926412 is gone."""
     f = filters.KillFilter("root", "")
     # Providing anything other than kill should be False
     usercmd = ['notkill', 999999]
     self.assertFalse(f.match(usercmd))
     # Providing something that is not a pid should be False
     usercmd = ['kill', 'notapid']
     self.assertFalse(f.match(usercmd))
     # no arguments should also be fine
     self.assertFalse(f.match([]))
     self.assertFalse(f.match(None))