cloud-init-dev team mailing list archive

Thread
Date

Re: [Merge] ~chad.smith/cloud-init:tests-fix-root-os-access-leak into cloud-init:master

To: mp+330774@xxxxxxxxxxxxxxxxxx
From: Chad Smith <chad.smith@xxxxxxxxxxxxx>
Date: Thu, 14 Sep 2017 19:46:16 -0000
In-reply-to: <150541604998.2428.9200984788483084074.launchpad@ackee.canonical.com>
Reply-to: mp+330774@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

I'm not quite sure what we should do here. You are right that root user will likely never see os.access(W_OK) as False because root's a privileged user so the perms don't matter.

Also, it seems that in containers we fail to resize up at cc_resizefs line 197 on ENOENT so generally trying to account for is_container checks below in the os.access and stat.S_ISBLK 
conditionals feel like wasted logic. We could just check mode values instead of os.access like this:

os.stat(devpath).st_mode & (stat.S_IROTH | stat.S_IRGRP|  stat.S_IRUSR)
I know there must be a better way here.

But ultimately, do you know if there are device files that would be read only for root?


-- 
https://code.launchpad.net/~chad.smith/cloud-init/+git/cloud-init/+merge/330774
Your team cloud-init commiters is requested to review the proposed merge of ~chad.smith/cloud-init:tests-fix-root-os-access-leak into cloud-init:master.

References

[Merge] ~chad.smith/cloud-init:tests-fix-root-os-access-leak into cloud-init:master
From: Chad Smith, 2017-09-14