Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:Update
python-azure-agent.10543
paa_cve_2019-0804.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File paa_cve_2019-0804.patch of Package python-azure-agent.10543
From f9e292577be29a9490f62420c6bbed44dfc30a09 Mon Sep 17 00:00:00 2001 From: mbearup <mbearup@microsoft.com> Date: Tue, 26 Feb 2019 14:14:24 -0800 Subject: [PATCH] Add fixes for handling swap file --- .../daemon/resourcedisk/default.py | 35 ++++++++++++++----- .../daemon/resourcedisk/freebsd.py | 6 ++-- tests/distro/test_resourceDisk.py | 35 +++++++++++++++++-- 3 files changed, 61 insertions(+), 15 deletions(-) diff --git a/azurelinuxagent/daemon/resourcedisk/default.py b/azurelinuxagent/daemon/resourcedisk/default.py index 0f0925d..321c7bc 100644 --- a/azurelinuxagent/daemon/resourcedisk/default.py +++ b/azurelinuxagent/daemon/resourcedisk/default.py @@ -16,6 +16,7 @@ # import os +import stat import re import sys import threading @@ -245,16 +246,28 @@ def get_mount_string(mount_options, partition, mount_point): else: return 'mount {0} {1}'.format(partition, mount_point) + @staticmethod + def check_existing_swap_file(swapfile, size): + swaplist = shellutil.run_get_output("swapon -s")[1] + + if swapfile in swaplist and os.path.isfile(swapfile) and os.path.getsize(swapfile) == size: + logger.info("Swap already enabled") + # restrict access to owner (remove all access from group, others) + swapfile_mode = os.stat(swapfile).st_mode + if swapfile_mode & (stat.S_IRWXG | stat.S_IRWXO): + swapfile_mode = swapfile_mode & ~(stat.S_IRWXG | stat.S_IRWXO) + logger.info("Changing mode of {0} to {1:o}".format(swapfile, swapfile_mode)) + os.chmod(swapfile, swapfile_mode) + return True + + return False + def create_swap_space(self, mount_point, size_mb): size_kb = size_mb * 1024 size = size_kb * 1024 swapfile = os.path.join(mount_point, 'swapfile') - swaplist = shellutil.run_get_output("swapon -s")[1] - if swapfile in swaplist \ - and os.path.isfile(swapfile) \ - and os.path.getsize(swapfile) == size: - logger.info("Swap already enabled") + if self.check_existing_swap_file(swapfile, size): return if os.path.isfile(swapfile) and os.path.getsize(swapfile) != size: @@ -305,13 +318,18 @@ def mkfile(self, filename, nbytes): # Probable errors: # - OSError: Seen on Cygwin, libc notimpl? # - AttributeError: What if someone runs this under... + fd = None + try: - with open(filename, 'w') as f: - os.posix_fallocate(f.fileno(), 0, nbytes) - return 0 + fd = os.open(filename, os.O_CREAT | os.O_WRONLY, stat.S_IRUSR | stat.S_IWUSR) + os.posix_fallocate(fd, 0, nbytes) + return 0 except: # Not confident with this thing, just keep trying... pass + finally: + if fd is not None: + os.close(fd) # fallocate command ret = shellutil.run( @@ -340,3 +358,4 @@ def mkfile(self, filename, nbytes): logger.error("dd unsuccessful") return ret + diff --git a/azurelinuxagent/daemon/resourcedisk/freebsd.py b/azurelinuxagent/daemon/resourcedisk/freebsd.py index ece166b..f1a5d91 100644 --- a/azurelinuxagent/daemon/resourcedisk/freebsd.py +++ b/azurelinuxagent/daemon/resourcedisk/freebsd.py @@ -130,10 +130,7 @@ def create_swap_space(self, mount_point, size_mb): swapfile = os.path.join(mount_point, 'swapfile') swaplist = shellutil.run_get_output("swapctl -l")[1] - if swapfile in swaplist \ - and os.path.isfile(swapfile) \ - and os.path.getsize(swapfile) == size: - logger.info("Swap already enabled") + if self.check_existing_swap_file(swapfile, size): return if os.path.isfile(swapfile) and os.path.getsize(swapfile) != size: @@ -161,3 +158,4 @@ def create_swap_space(self, mount_point, size_mb): if shellutil.run("swapon /dev/{0}".format(mddevice)): raise ResourceDiskError("/dev/{0}".format(mddevice)) logger.info("Enabled {0}KB of swap at /dev/{1} ({2})".format(size_kb, mddevice, swapfile)) + diff --git a/tests/distro/test_resourceDisk.py b/tests/distro/test_resourceDisk.py index d2ce6e1..9b27ade 100644 --- a/tests/distro/test_resourceDisk.py +++ b/tests/distro/test_resourceDisk.py @@ -18,12 +18,11 @@ # http://msdn.microsoft.com/en-us/library/cc227282%28PROT.10%29.aspx # http://msdn.microsoft.com/en-us/library/cc227259%28PROT.13%29.aspx -import sys +import stat from azurelinuxagent.common.utils import shellutil from azurelinuxagent.daemon.resourcedisk import get_resourcedisk_handler from tests.tools import * - class TestResourceDisk(AgentTestCase): def test_mkfile(self): # setup @@ -38,6 +37,10 @@ def test_mkfile(self): # assert assert os.path.exists(test_file) + # only the owner should have access + mode = os.stat(test_file).st_mode & (stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO) + assert mode == stat.S_IRUSR | stat.S_IWUSR + # cleanup os.remove(test_file) @@ -83,7 +86,6 @@ def test_mkfile_xfs_fs(self): assert run_patch.call_count == 1 assert "dd if" in run_patch.call_args_list[0][0][0] - def test_change_partition_type(self): resource_handler = get_resourcedisk_handler() # test when sfdisk --part-type does not exist @@ -105,6 +107,33 @@ def test_change_partition_type(self): assert run_patch.call_count == 1 assert "sfdisk --part-type" in run_patch.call_args_list[0][0][0] + def test_check_existing_swap_file(self): + test_file = os.path.join(self.tmp_dir, 'test_swap_file') + file_size = 1024 * 128 + if os.path.exists(test_file): + os.remove(test_file) + + with open(test_file, "wb") as file: + file.write(bytes(file_size)) + + os.chmod(test_file, stat.S_ISUID | stat.S_ISGID | stat.S_IRUSR | stat.S_IWUSR | stat.S_IRWXG | stat.S_IRWXO) # 0o6677 + + def swap_on(_): # mimic the output of "swapon -s" + return [ + "Filename Type Size Used Priority", + "{0} partition 16498684 0 -2".format(test_file) + ] + + with patch.object(shellutil, "run_get_output", side_effect=swap_on): + get_resourcedisk_handler().check_existing_swap_file(test_file, file_size) + + # it should remove access from group, others + mode = os.stat(test_file).st_mode & (stat.S_ISUID | stat.S_ISGID | stat.S_IRWXU | stat.S_IWUSR | stat.S_IRWXG | stat.S_IRWXO) # 0o6777 + assert mode == stat.S_ISUID | stat.S_ISGID | stat.S_IRUSR | stat.S_IWUSR # 0o6600 + + os.remove(test_file) + if __name__ == '__main__': unittest.main() +
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor