From 4d9f24f5c385cb7fa21d87a097ccd9a297613a75 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Thu, 29 Jun 2017 13:32:15 -0400 Subject: read_dmi_data: always return None when inside a container. This fixes stacktrace and warning message that would be printed to the log if running inside a container and read_dmi_data tried to access a key that was not present. In a container, the /sys/class/dmi/id data is not relevant to the but to the host. Additionally an unpriviledged container might see strange behavior: # cd /sys/class/dmi/id/ # id -u 0 # ls -l chassis_serial -r-------- 1 nobody nogroup 4096 Jun 29 16:49 chassis_serial # cat chassis_serial cat: /sys/class/dmi/id/chassis_serial: Permission denied The solution here is to just always return None when running in a container. LP: #1701325 --- cloudinit/util.py | 7 +++++++ tests/unittests/test_util.py | 23 +++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/cloudinit/util.py b/cloudinit/util.py index c93b6d7e..b486e182 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -2397,6 +2397,10 @@ def read_dmi_data(key): """ Wrapper for reading DMI data. + If running in a container return None. This is because DMI data is + assumed to be not useful in a container as it does not represent the + container but rather the host. + This will do the following (returning the first that produces a result): 1) Use a mapping to translate `key` from dmidecode naming to @@ -2407,6 +2411,9 @@ def read_dmi_data(key): If all of the above fail to find a value, None will be returned. """ + if is_container(): + return None + syspath_value = _read_dmi_syspath(key) if syspath_value is not None: return syspath_value diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py index a73fd26a..65035be2 100644 --- a/tests/unittests/test_util.py +++ b/tests/unittests/test_util.py @@ -365,6 +365,9 @@ class TestReadDMIData(helpers.FilesystemMockingTestCase): self.addCleanup(shutil.rmtree, self.new_root) self.patchOS(self.new_root) self.patchUtils(self.new_root) + p = mock.patch("cloudinit.util.is_container", return_value=False) + self.addCleanup(p.stop) + self._m_is_container = p.start() def _create_sysfs_parent_directory(self): util.ensure_dir(os.path.join('sys', 'class', 'dmi', 'id')) @@ -453,6 +456,26 @@ class TestReadDMIData(helpers.FilesystemMockingTestCase): self._create_sysfs_file(sysfs_key, dmi_value) self.assertEqual(expected, util.read_dmi_data(dmi_key)) + def test_container_returns_none(self): + """In a container read_dmi_data should always return None.""" + + # first verify we get the value if not in container + self._m_is_container.return_value = False + key, val = ("system-product-name", "my_product") + self._create_sysfs_file('product_name', val) + self.assertEqual(val, util.read_dmi_data(key)) + + # then verify in container returns None + self._m_is_container.return_value = True + self.assertIsNone(util.read_dmi_data(key)) + + def test_container_returns_none_on_unknown(self): + """In a container even bogus keys return None.""" + self._m_is_container.return_value = True + self._create_sysfs_file('product_name', "should-be-ignored") + self.assertIsNone(util.read_dmi_data("bogus")) + self.assertIsNone(util.read_dmi_data("system-product-name")) + class TestMultiLog(helpers.FilesystemMockingTestCase): -- cgit v1.2.3