def test_KillFilter(self): p = subprocess.Popen(["sleep", "5"]) f = filters.KillFilter("root", "/bin/sleep", "-9", "-HUP") f2 = filters.KillFilter("root", "/usr/bin/sleep", "-9", "-HUP") usercmd = ['kill', '-ALRM', p.pid] # Incorrect signal should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) usercmd = ['kill', p.pid] # Providing no signal should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) # Providing matching signal should be allowed usercmd = ['kill', '-9', p.pid] self.assertTrue(f.match(usercmd) or f2.match(usercmd)) f = filters.KillFilter("root", "/bin/sleep") f2 = filters.KillFilter("root", "/usr/bin/sleep") usercmd = ['kill', os.getpid()] # Our own PID does not match /bin/sleep, so it should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) usercmd = ['kill', 999999] # Nonexistent PID should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) usercmd = ['kill', p.pid] # Providing no signal should work self.assertTrue(f.match(usercmd) or f2.match(usercmd))
def test_KillFilter(self): if not os.path.exists("/proc/%d" % os.getpid()): self.skipTest("Test requires /proc filesystem (procfs)") p = subprocess.Popen(["cat"], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) try: f = filters.KillFilter("root", "/bin/cat", "-9", "-HUP") f2 = filters.KillFilter("root", "/usr/bin/cat", "-9", "-HUP") usercmd = ['kill', '-ALRM', p.pid] # Incorrect signal should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) usercmd = ['kill', p.pid] # Providing no signal should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) # Providing matching signal should be allowed usercmd = ['kill', '-9', p.pid] self.assertTrue(f.match(usercmd) or f2.match(usercmd)) f = filters.KillFilter("root", "/bin/cat") f2 = filters.KillFilter("root", "/usr/bin/cat") usercmd = ['kill', os.getpid()] # Our own PID does not match /bin/sleep, so it should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) usercmd = ['kill', 999999] # Nonexistent PID should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) usercmd = ['kill', p.pid] # Providing no signal should work self.assertTrue(f.match(usercmd) or f2.match(usercmd)) finally: # Terminate the "cat" process and wait for it to finish p.terminate() p.wait()
def test_KillFilter(self): p = subprocess.Popen(["/bin/sleep", "5"]) f = filters.KillFilter("/bin/kill", "root", ["-ALRM"], ["/bin/sleep", "/usr/bin/sleep"]) usercmd = ['kill', '-9', p.pid] # Incorrect signal should fail self.assertFalse(f.match(usercmd)) usercmd = ['kill', p.pid] # Providing no signal should fail self.assertFalse(f.match(usercmd)) f = filters.KillFilter("/bin/kill", "root", ["-9", ""], ["/bin/sleep", "/usr/bin/sleep"]) usercmd = ['kill', '-9', os.getpid()] # Our own PID does not match /bin/sleep, so it should fail self.assertFalse(f.match(usercmd)) usercmd = ['kill', '-9', 999999] # Nonexistant PID should fail self.assertFalse(f.match(usercmd)) usercmd = ['kill', p.pid] # Providing no signal should work self.assertTrue(f.match(usercmd)) usercmd = ['kill', '-9', p.pid] # Providing -9 signal should work self.assertTrue(f.match(usercmd))
def test_KillFilter_no_raise(self): """Makes sure ValueError from bug 926412 is gone""" f = filters.KillFilter("root", "") # Providing anything other than kill should be False usercmd = ['notkill', 999999] self.assertFalse(f.match(usercmd)) # Providing something that is not a pid should be False usercmd = ['kill', 'notapid'] self.assertFalse(f.match(usercmd))
def test_KillFilter_deleted_exe(self): """Makes sure deleted exe's are killed correctly""" # See bug #967931. def fake_readlink(blah): return '/bin/commandddddd (deleted)' f = filters.KillFilter("root", "/bin/commandddddd") usercmd = ['kill', 1234] # Providing no signal should work self.stubs.Set(os, 'readlink', fake_readlink) self.assertTrue(f.match(usercmd))
filters.CommandFilter("/usr/bin/arping", "root"), # nova/network/linux_net.py: 'route', '-n' # nova/network/linux_net.py: 'route', 'del', 'default', 'gw' # nova/network/linux_net.py: 'route', 'add', 'default', 'gw' # nova/network/linux_net.py: 'route', '-n' # nova/network/linux_net.py: 'route', 'del', 'default', 'gw', old_gw, .. # nova/network/linux_net.py: 'route', 'add', 'default', 'gw', old_gateway filters.CommandFilter("/sbin/route", "root"), # nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address filters.CommandFilter("/usr/bin/dhcp_release", "root"), # nova/network/linux_net.py: 'kill', '-9', pid # nova/network/linux_net.py: 'kill', '-HUP', pid filters.KillFilter("/bin/kill", "root", ['-9', '-HUP'], ['/usr/sbin/dnsmasq']), # nova/network/linux_net.py: 'kill', pid filters.KillFilter("/bin/kill", "root", [''], ['/usr/sbin/radvd']), # nova/network/linux_net.py: dnsmasq call filters.DnsmasqFilter("/usr/sbin/dnsmasq", "root"), # nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'),.. filters.CommandFilter("/usr/sbin/radvd", "root"), # nova/network/linux_net.py: 'brctl', 'addbr', bridge # nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0 # nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off' # nova/network/linux_net.py: 'brctl', 'addif', bridge, interface filters.CommandFilter("/sbin/brctl", "root"),