[checks] Add a check for too restrictive umask
If umask is set to something too high (>0022), a warning will be printed. It does not abort the compose though. Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
This commit is contained in:
Lubomír Sedlář
parent
69316d827a
commit
490514e263
@ -172,6 +172,7 @@ def main():
|
|||||||
import pungi.checks
|
import pungi.checks
|
||||||
if not pungi.checks.check(conf):
|
if not pungi.checks.check(conf):
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
pungi.checks.check_umask(logger)
|
||||||
|
|
||||||
if opts.target_dir:
|
if opts.target_dir:
|
||||||
compose_dir = Compose.get_compose_dir(opts.target_dir, conf, compose_type=compose_type, compose_label=opts.label)
|
compose_dir = Compose.get_compose_dir(opts.target_dir, conf, compose_type=compose_type, compose_label=opts.label)
|
||||||
|
|||||||
@ -102,6 +102,16 @@ def check(conf):
|
|||||||
return not fail
|
return not fail
|
||||||
|
|
||||||
|
|
||||||
|
def check_umask(logger):
|
||||||
|
"""Make sure umask is set to something reasonable. If not, log a warning."""
|
||||||
|
mask = os.umask(0)
|
||||||
|
os.umask(mask)
|
||||||
|
|
||||||
|
if mask > 0o022:
|
||||||
|
logger.warning('Unusually strict umask detected (0%03o), '
|
||||||
|
'expect files with broken permissions.', mask)
|
||||||
|
|
||||||
|
|
||||||
def validate_options(conf, valid_options):
|
def validate_options(conf, valid_options):
|
||||||
errors = []
|
errors = []
|
||||||
for i in valid_options:
|
for i in valid_options:
|
||||||
|
|||||||
@ -143,5 +143,36 @@ class CheckDependenciesTestCase(unittest.TestCase):
|
|||||||
self.assertFalse(result)
|
self.assertFalse(result)
|
||||||
|
|
||||||
|
|
||||||
|
class TestUmask(unittest.TestCase):
|
||||||
|
def setUp(self):
|
||||||
|
self.orig_umask = os.umask(0)
|
||||||
|
os.umask(self.orig_umask)
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
os.umask(self.orig_umask)
|
||||||
|
|
||||||
|
def test_no_warning_with_0022(self):
|
||||||
|
os.umask(0o022)
|
||||||
|
logger = mock.Mock()
|
||||||
|
checks.check_umask(logger)
|
||||||
|
self.assertItemsEqual(logger.mock_calls, [])
|
||||||
|
|
||||||
|
def test_no_warning_with_0000(self):
|
||||||
|
os.umask(0o000)
|
||||||
|
logger = mock.Mock()
|
||||||
|
checks.check_umask(logger)
|
||||||
|
self.assertItemsEqual(logger.mock_calls, [])
|
||||||
|
|
||||||
|
def test_warning_with_0044(self):
|
||||||
|
os.umask(0o044)
|
||||||
|
logger = mock.Mock()
|
||||||
|
checks.check_umask(logger)
|
||||||
|
self.assertItemsEqual(
|
||||||
|
logger.mock_calls,
|
||||||
|
[mock.call.warning('Unusually strict umask detected (0%03o), '
|
||||||
|
'expect files with broken permissions.', 0o044)]
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
unittest.main()
|
unittest.main()
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user