haskal
/
vagrant
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Hardened proc disallow systemd detection 

If you have a vagrant box with proc mounted with
proc    /proc    proc    defaults,hidepid=2     0     0
ps output will be limited to owned process
sudo should extend output
This commit is contained in:
Maxim Kostrikin 2018-09-10 18:10:25 +07:00
parent 770b6e0cca
commit d06cd2f94b
No known key found for this signature in database
GPG Key ID: 1ABFB6292A3C0F2C
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/vagrant/util/guest_inspection.rb
View File

@ -12,7 +12,7 @@ module Vagrant
#
# @return [Boolean]
def systemd?(comm)
comm.test("ps -o comm= 1 | grep systemd")
comm.test("sudo ps -o comm= 1 | grep systemd")
end
# systemd-networkd.service is in use

4
test/unit/plugins/guests/debian/cap/configure_networks_test.rb
View File

@ -67,7 +67,7 @@ describe "VagrantPlugins::GuestDebian::Cap::ConfigureNetworks" do
before do
allow(comm).to receive(:test).with("nmcli -t d show eth1").and_return(false)
allow(comm).to receive(:test).with("nmcli -t d show eth2").and_return(false)
allow(comm).to receive(:test).with("ps -o comm= 1 | grep systemd").and_return(false)
allow(comm).to receive(:test).with("sudo ps -o comm= 1 | grep systemd").and_return(false)
allow(comm).to receive(:test).with("sudo systemctl status systemd-networkd.service").and_return(false)
allow(comm).to receive(:test).with("netplan -h").and_return(false)
end
@ -85,7 +85,7 @@ describe "VagrantPlugins::GuestDebian::Cap::ConfigureNetworks" do
context "with systemd" do
before do
expect(comm).to receive(:test).with("ps -o comm= 1 | grep systemd").and_return(true)
expect(comm).to receive(:test).with("sudo ps -o comm= 1 | grep systemd").and_return(true)
allow(comm).to receive(:test).with("netplan -h").and_return(false)
end