Makes sure killfilter doesn't raise ValueError

* Fixes bug 926412 * Includes failing test Change-Id: Ie0105ff777575d6dd794ce5b5e08545fb54ecf8b
openstack · Feb 8, 2012 · 4ce6645 · 4ce6645
1 parent b0a708f
commit 4ce6645
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/nova/rootwrap/filters.py b/nova/rootwrap/filters.py
@@ -100,6 +100,8 @@ class KillFilter(CommandFilter):
     """
 
     def match(self, userargs):
+        if userargs[0] != "kill":
+            return False
         args = list(userargs)
         if len(args) == 3:
             signal = args.pop(1)
@@ -113,13 +115,12 @@ def match(self, userargs):
             if '' not in self.args[0]:
                 # No signal, but list doesn't include empty string
                 return False
-        pid = int(args[1])
         try:
-            command = os.readlink("/proc/%d/exe" % pid)
+            command = os.readlink("/proc/%d/exe" % int(args[1]))
             if command not in self.args[1]:
                 # Affected executable not in accepted list
                 return False
-        except:
+        except (ValueError, OSError):
             # Incorrect PID
             return False
         return True

diff --git a/nova/tests/test_nova_rootwrap.py b/nova/tests/test_nova_rootwrap.py
@@ -93,6 +93,16 @@ def test_KillFilter(self):
         # Providing -9 signal should work
         self.assertTrue(f.match(usercmd))
 
+    def test_KillFilter_no_raise(self):
+        """Makes sure ValueError from bug 926412 is gone"""
+        f = filters.KillFilter("/bin/kill", "root", [""])
+        # Providing anything other than kill should be False
+        usercmd = ['notkill', 999999]
+        self.assertFalse(f.match(usercmd))
+        # Providing something that is not a pid should be False
+        usercmd = ['kill', 'notapid']
+        self.assertFalse(f.match(usercmd))
+
     def test_ReadFileFilter(self):
         goodfn = '/good/file.name'
         f = filters.ReadFileFilter(goodfn)