-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ENT-9931: Guard against /sys/hypervisor/uuid not being readable (3.18) #2718
Conversation
craigcomstock
commented
Sep 1, 2023
- Guard against /sys/hypervisor/uuid not being readable
- can squash this one, use isreadable() if available
@cf-bottom jenkins please |
Sure, I triggered a build: Jenkins: https://ci.cfengine.com/job/pr-pipeline/9713/ Packages: http://buildcache.cfengine.com/packages/testing-pr/jenkins-pr-pipeline-9713/ |
@@ -603,6 +603,15 @@ bundle common cfe_autorun_inventory_aws | |||
scope => "namespace", | |||
if => isvariable("cfe_autorun_inventory_dmidecode.dmi[bios-vendor]"); | |||
|
|||
@if minimum_version(3.22.0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have a feature registered for the function? Would be nice to be able to so if feature isreadable.
@if minimum_version(3.22.0) | ||
"sys_hypervisor_uuid_readable" -> { "ENT-9931" } | ||
expression => isreadable("/sys/hypervisor/uuid", 1); | ||
@else |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yay else
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, I considered adding a comment like "this could be dangerous, with cat
waiting forever, but not likely and certainly not by experimentation, either the file is there or not, and readable, or mysteriously: not."
So far so good! https://ci.cfengine.com/job/fr-tests/6393/consoleFull Absolutely ZERO mention of regline errors as before 👍 |
On a centos-6 PV instance in Amazon EC2 I see /sys/hypervisor/uuid exists -r--r--r-- 1 root root 4096 Sep 1 14:30 /sys/hypervisor/uuid but is not readable even though permissions seem to be ok. cat: /sys/hypervisor/uuid: No such file or directory While SELinux is enforced it doesn't seem to be involved since this is a special sysfs filesystem and there are no entries for the failure in the audit log. Ticket: ENT-9931 Changelog: title (cherry picked from commit 612323d)
77319da
to
e9807a6
Compare