diff options
| author | zdc <zdc@users.noreply.github.com> | 2022-04-07 20:24:57 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-07 20:24:57 +0300 |
| commit | 45c1d42e15f4a5fe5e176e1516b2da9d21e7837a (patch) | |
| tree | 0535c3cf76b60dbf585416b4490c5bd9c9c99359 /tests/integration_tests/test_logging.py | |
| parent | 96226f37cdbdaef2fbc51de7b9ca75b61a16792b (diff) | |
| parent | aa60d48c2711cdcd9f88a4e5c77379adb0408231 (diff) | |
| download | vyos-cloud-init-45c1d42e15f4a5fe5e176e1516b2da9d21e7837a.tar.gz vyos-cloud-init-45c1d42e15f4a5fe5e176e1516b2da9d21e7837a.zip | |
Merge pull request #52 from vyos/current
T2117: Backport Cloud-init 22.1 with our changes to VyOS 1.3
Diffstat (limited to 'tests/integration_tests/test_logging.py')
| -rw-r--r-- | tests/integration_tests/test_logging.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/tests/integration_tests/test_logging.py b/tests/integration_tests/test_logging.py new file mode 100644 index 00000000..b31a0434 --- /dev/null +++ b/tests/integration_tests/test_logging.py @@ -0,0 +1,22 @@ +"""Integration tests relating to cloud-init's logging.""" + + +class TestVarLogCloudInitOutput: + """Integration tests relating to /var/log/cloud-init-output.log.""" + + def test_var_log_cloud_init_output_not_world_readable(self, client): + """ + The log can contain sensitive data, it shouldn't be world-readable. + + LP: #1918303 + """ + # Check the file exists + assert client.execute("test -f /var/log/cloud-init-output.log").ok + + # Check its permissions are as we expect + perms, user, group = client.execute( + "stat -c %a:%U:%G /var/log/cloud-init-output.log" + ).split(":") + assert "640" == perms + assert "root" == user + assert "adm" == group |