External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-22 11:25:08 -02:30
Code Issues Packages Projects Releases Wiki Activity

Added /var/log/supervisor to paths hidden by proot.

Browse Source
This commit is contained in:
Chris Church
2014-11-04 11:27:20 -05:00
parent dc3dd0db26
commit 886d9f2120
2 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
awx/main/tasks.py
View File

@@ -338,12 +338,13 @@ class BaseTask(Task):
- /etc/tower (to prevent obtaining db info or secret key) - /etc/tower (to prevent obtaining db info or secret key)
- /var/lib/awx (except for current project) - /var/lib/awx (except for current project)
- /var/log/tower - /var/log/tower
- /var/log/supervisor
- /tmp (except for own tmp files) - /tmp (except for own tmp files)
''' '''
new_args = [getattr(settings, 'AWX_PROOT_CMD', 'proot'), '-r', '/'] new_args = [getattr(settings, 'AWX_PROOT_CMD', 'proot'), '-r', '/']
hide_paths = ['/etc/tower', '/var/lib/awx', '/var/log/tower', hide_paths = ['/etc/tower', '/var/lib/awx', '/var/log/tower',
tempfile.gettempdir(), settings.PROJECTS_ROOT, '/var/log/supervisor', tempfile.gettempdir(),
settings.JOBOUTPUT_ROOT] settings.PROJECTS_ROOT, settings.JOBOUTPUT_ROOT]
hide_paths.extend(getattr(settings, 'AWX_PROOT_HIDE_PATHS', None) or []) hide_paths.extend(getattr(settings, 'AWX_PROOT_HIDE_PATHS', None) or [])
for path in sorted(set(hide_paths)): for path in sorted(set(hide_paths)):
if not os.path.exists(path): if not os.path.exists(path):

17
awx/main/tests/tasks.py
View File

@@ -3,6 +3,7 @@
# Python # Python
from distutils.version import StrictVersion as Version from distutils.version import StrictVersion as Version
import glob
import json import json
import os import os
import shutil import shutil
@@ -176,6 +177,15 @@ TEST_PROOT_PLAYBOOK = '''
assert: assert:
that: that:
- "not temp_stat.stat.exists" - "not temp_stat.stat.exists"
- name: check for supervisor log path
stat: path={{ supervisor_log_path }}
register: supervisor_log_stat
when: supervisor_log_path is defined
- name: check that supervisor log path was not found
assert:
that:
- "not supervisor_log_stat.stat.exists"
when: supervisor_log_path is defined
- name: try to run a tower-manage command - name: try to run a tower-manage command
command: tower-manage validate command: tower-manage validate
ignore_errors: true ignore_errors: true
@@ -1354,6 +1364,11 @@ class RunJobTest(BaseCeleryTest):
# Create a temp directory that should not be visible to the playbook. # Create a temp directory that should not be visible to the playbook.
temp_path = tempfile.mkdtemp() temp_path = tempfile.mkdtemp()
self._temp_paths.append(temp_path) self._temp_paths.append(temp_path)
# Find a file in supervisor logs that should not be visible.
try:
supervisor_log_path = glob.glob('/var/log/supervisor/*')[0]
except IndexError:
supervisor_log_path = None
# Create our test project and job template. # Create our test project and job template.
self.create_test_project(TEST_PROOT_PLAYBOOK) self.create_test_project(TEST_PROOT_PLAYBOOK)
project_path = self.project.local_path project_path = self.project.local_path
@@ -1365,6 +1380,8 @@ class RunJobTest(BaseCeleryTest):
'other_project_path': other_project_path, 'other_project_path': other_project_path,
'temp_path': temp_path, 'temp_path': temp_path,
} }
if supervisor_log_path:
extra_vars['supervisor_log_path'] = supervisor_log_path
job = self.create_test_job(job_template=job_template, verbosity=3, job = self.create_test_job(job_template=job_template, verbosity=3,
extra_vars=json.dumps(extra_vars)) extra_vars=json.dumps(extra_vars))
self.assertEqual(job.status, 'new') self.assertEqual(job.status, 'new')