Bugfix: Auto-assessment - Restricting execution permissions to root user/ owner #299
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #299 +/- ##
==========================================
+ Coverage 92.43% 92.49% +0.06%
==========================================
Files 97 99 +2
Lines 16237 16287 +50
==========================================
+ Hits 15008 15064 +56
+ Misses 1229 1223 -6
Test for an auto assessment run that is auto triggered on schedule. The one added to this description is a default one that triggers during ConfigurePatching. You'll have to wait for ~12 hours for the auto assessment service to run without any external push. It will write status to the previous seqno but the activityId between PatchAssessmentResult and ConfigurePatchingResult will be different along with the startTime.
Please provide the *.aa.log file into PR description showing an actual AA run (edit -> attach). Also include a regular log file showing the aa configuration by core. Status entries as 'Platform' also come from non-auto-assessment configurePatching calls and are not conclusive on which code path executed.
Comment on log notes inline.
General comment on adding comments also.
Let's not include any msft internal application docs/links etc. here, security concern.
Since this PR touches 2 files with the lowest code coverage, this will flag code coverage on merge. In the current state it won't affect coverage %, but best practice is to add UT coverage for other logic in servicemanager and timermanager.py, so our overall coverage will reach the target goal: 95%.
Attached.
Provided screenshot to verify this.
Some comments inline -- pulling code locally right now to see tests running. Should not have any other comments, but sharing what's going on.
This release includes:
- [x] Engg. hygiene: Remove TelemetryWriter related log noise [#312](#312)
- [x] Bugfix: Mitigate external Ubuntu Pro Client issue [#308](#308)
- [x] Feature: Adding support for Azure Linux 2.0 in Tdnf Package Manager [#311](#311)
- [x] Eng. sys: Upgrade CICD pipeline from Python 3.9 to Python 3.12 [#309](#309)
- [x] Coverage: Increase code coverage - TimerManager and ServiceManager [#307](#307)
- [x] Bugfix: Unit tests broken in Python 3.12 [#306](#306)
- [x] Feature: Adding Azure Linux 3.0 Base Support [#293](#293)
- [x] Bugfix: Retry Handler to Prevent Unbounded Retries while trying to Mitigate YUM Update Errors [#303](#303)
- [x] BugFix: CentOS VMs not installing patches during Auto Patching [#298](#298)
- [x] Bugfix: Auto-assessment - Restricting execution permissions to root user/ owner [#299](#299)
6.aa.core.log
6.core.log
The changes are related to
IcM 526315073
Work Item: 29003600
In the existing behavior, the service, timer files and the auto assessment script file are created with 775 permissions, which means users other than root can also execute and modify the file, which may lead to unauthorized modification of files. This change intends to restrict the execution permissions to the root user.
Test Results:
Periodic Assessment result after 12hrs:
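An added example, not code from this pull request or the project: it decodes which user classes a mode such as 775 lets write or execute, flags bits beyond an allowed mask, and rewrites a file so it never exists with wider permissions. The function names, the `constructed_assessment.sh` file name and the owner-only target mode `0o700` are assumptions made for illustration; the page does not state the mode the fix applies.

```python
import os
import stat
import tempfile

def access_summary(mode):
    """Decode permission bits into who may write or execute."""
    classes = (("owner", stat.S_IWUSR, stat.S_IXUSR),
               ("group", stat.S_IWGRP, stat.S_IXGRP),
               ("other", stat.S_IWOTH, stat.S_IXOTH))
    return {name: {"write": bool(mode & w), "execute": bool(mode & x)}
            for name, w, x in classes}

def excess_bits(path, allowed=0o700):
    """Return the permission bits set on path beyond the allowed mask."""
    return stat.S_IMODE(os.stat(path).st_mode) & ~allowed

def write_owner_only(path, content, mode=0o700):
    """Create or replace path without a window of wider permissions."""
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates with 0o600
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(content)
        os.chmod(tmp, mode)    # explicit chmod is not affected by umask
        os.replace(tmp, path)  # atomic rename over any existing file
    except BaseException:
        os.unlink(tmp)
        raise

def demo():
    """Constructed scenario: a script left at 775, then rewritten owner-only."""
    with tempfile.TemporaryDirectory() as workdir:
        script = os.path.join(workdir, "constructed_assessment.sh")
        with open(script, "w") as handle:
            handle.write("#!/bin/sh\n")
        os.chmod(script, 0o775)  # the mode described in the PR text
        before = excess_bits(script)
        write_owner_only(script, "#!/bin/sh\n")
        after = excess_bits(script)
        return before, after, stat.S_IMODE(os.stat(script).st_mode)

if __name__ == "__main__":
    print(access_summary(0o775))
    print([oct(value) for value in demo()])
```
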