Merge "Update KillFilter to handle 'deleted' exe's." into stable/folsom

quantum/rootwrap/filters.py

@@ -158,6 +158,10 @@ def match(self, userargs):
 
         try:
             command = os.readlink("/proc/%d/exe" % int(args[1]))
+            # NOTE(dprince): /proc/PID/exe may have ' (deleted)' on
+            # the end if an executable is updated or deleted
+            if command.endswith(" (deleted)"):
+                command = command[:command.rindex(" ")]
             if command != self.args[0]:
                 # Affected executable doesn't match
                 return False

quantum/tests/unit/test_rootwrap.py

@@ -17,6 +17,7 @@
 import os
 import subprocess
 
+import mock
 import unittest2 as unittest
 
 from quantum.rootwrap import filters
@@ -34,6 +35,9 @@ def setUp(self):
             filters.CommandFilter("/nonexistant/cat", "root"),
             filters.CommandFilter("/bin/cat", "root")]  # Keep this one last
 
+    def tearDown(self):
+        super(RootwrapTestCase, self).tearDown()
+
     def test_RegExpFilter_match(self):
         usercmd = ["ls", "/root"]
         filtermatch = wrapper.match_filter(self.filters, usercmd)
@@ -111,6 +115,16 @@ def test_KillFilter_no_raise(self):
         usercmd = ['kill', 'notapid']
         self.assertFalse(f.match(usercmd))
 
+    def test_KillFilter_deleted_exe(self):
+        """Makes sure deleted exe's are killed correctly"""
+        # See bug #1073768.
+        with mock.patch('os.readlink') as mock_readlink:
+            mock_readlink.return_value = '/bin/commandddddd (deleted)'
+            f = filters.KillFilter("root", "/bin/commandddddd")
+            usercmd = ['kill', 1234]
+            self.assertTrue(f.match(usercmd))
+            mock_readlink.assert_called_once_with("/proc/1234/exe")
+
     def test_ReadFileFilter(self):
         goodfn = '/good/file.name'
         f = filters.ReadFileFilter(goodfn)