Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmdmod: fix runas and group in run_chroot #53992

Merged
merged 3 commits into from
Apr 20, 2020
Merged

cmdmod: fix runas and group in run_chroot #53992

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e88a6c9
cmdmod: fix runas and group in run_chroot
aplanas Jul 24, 2019
1e345bd
test_cmdmod: fix test_run_cwd_in_combination_with_runas
aplanas Jul 25, 2019
c7ad76a
test_cmdmod: add test_run_chroot_runas test
aplanas Jul 25, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 9 additions & 3 deletions salt/modules/cmdmod.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3132,14 +3132,20 @@ def run_chroot(

if isinstance(cmd, (list, tuple)):
cmd = " ".join([six.text_type(i) for i in cmd])
cmd = "chroot {0} {1} -c {2}".format(root, sh_, _cmd_quote(cmd))

# If runas and group are provided, we expect that the user lives
# inside the chroot, not outside.
if runas:
userspec = "--userspec {}:{}".format(runas, group if group else "")
else:
userspec = ""

cmd = "chroot {} {} {} -c {}".format(userspec, root, sh_, _cmd_quote(cmd))

run_func = __context__.pop("cmd.run_chroot.func", run_all)

ret = run_func(
cmd,
runas=runas,
group=group,
cwd=cwd,
stdin=stdin,
shell=shell,
Expand Down
50 changes: 50 additions & 0 deletions tests/unit/modules/test_cmdmod.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -452,6 +452,21 @@ def test_run_cwd_doesnt_exist_issue_7154(self):
else:
raise RuntimeError

@skipIf(salt.utils.platform.is_windows(), "Do not run on Windows")
@skipIf(salt.utils.platform.is_darwin(), "Do not run on MacOS")
def test_run_cwd_in_combination_with_runas(self):
"""
cmd.run executes command in the cwd directory
when the runas parameter is specified
"""
cmd = "pwd"
cwd = "/tmp"
runas = os.getlogin()

with patch.dict(cmdmod.__grains__, {"os": "Darwin", "os_family": "Solaris"}):
stdout = cmdmod._run(cmd, cwd=cwd, runas=runas).get("stdout")
self.assertEqual(stdout, cwd)

def test_run_all_binary_replace(self):
"""
Test for failed decoding of binary data, for instance when doing
Expand Down Expand Up @@ -605,3 +620,38 @@ def test_run_chroot_mount_bind(self):
cmdmod.run_chroot("/mnt", "cmd", binds=["/var"])
self.assertEqual(mock_mount.call_count, 4)
self.assertEqual(mock_umount.call_count, 4)

@skipIf(salt.utils.platform.is_windows(), "Skip test on Windows")
def test_run_chroot_runas(self):
"""
Test run_chroot when a runas parameter is provided
"""
with patch.dict(
cmdmod.__salt__, {"mount.mount": MagicMock(), "mount.umount": MagicMock()}
):
with patch("salt.modules.cmdmod.run_all") as run_all_mock:
cmdmod.run_chroot("/mnt", "ls", runas="foobar")
run_all_mock.assert_called_with(
"chroot --userspec foobar: /mnt /bin/sh -c ls",
bg=False,
clean_env=False,
cwd=None,
env=None,
ignore_retcode=False,
log_callback=None,
output_encoding=None,
output_loglevel="quiet",
pillar=None,
pillarenv=None,
python_shell=True,
reset_system_locale=True,
rstrip=True,
saltenv="base",
shell="/bin/bash",
stdin=None,
success_retcodes=None,
template=None,
timeout=None,
umask=None,
use_vt=False,
)