Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/09/02 13:58:07 UTC

[GitHub] [cloudstack] lujiefsi opened a new pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

lujiefsi opened a new pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066


   ### Description
   
   
   I think there is a potential security issue in createUniqDir#JavaStorageLayer
   
    
   
       public File createUniqDir() {
           String dirName = System.getProperty("java.io.tmpdir");
           if (dirName != null) {
               File dir = new File(dirName);
               if (dir.exists()) {
                   String uniqDirName = dir.getAbsolutePath() + File.separator + UUID.randomUUID().toString();
                   if (mkdir(uniqDirName)) {
                       return new File(uniqDirName);
                   }
               }
           }
           return null;
       }
   So if a user does not specify the "java.io.tmpdir", we will use the default tmp dir "/tmp" whose mode is 777. Even if users specify the "java.io.tmpdir", they may also forget to set the file mode to 700, hence the tmp dir is still world-readable. Our code then creates UniqDir in the tmp dir, and it is also world-readable.
   
    
   
   createUniqDir will be called by swiftUploadMetadataFile and registerTemplateOnSwift in NfsSecondaryStorageResource. Hence the MetadataFile will be written in the tmp dir and is also world-readable.
   
    
   
   Hmm, assume that cloudstack runs on a server as root, and there are also some regular users on this server. These regular users (they do not even belong to the cloudstack group) can read these metadata files, which is undesirable.
   
    
   
   I think this is similar to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908 . 
   
   This PR will remind users to use correct permission for tmp dir.
   
   ### Types of changes
   
   - [ ] Breaking change (fix or feature that would cause existing functionality to change)
   - [ ] New feature (non-breaking change which adds functionality)
   - [ ] Bug fix (non-breaking change which fixes an issue)
   - [x] Enhancement (improves an existing feature and functionality)
   - [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
   
   ### Feature/Enhancement Scale or Bug Severity
   
   #### Feature/Enhancement Scale
   
   - [x] Major
   - [ ] Minor
   
   #### Bug Severity
   
   - [ ] BLOCKER
   - [x] Critical
   - [ ] Major
   - [ ] Minor
   - [ ] Trivial
   
   
   ### Screenshots (if appropriate):
   
   
   ### How Has This Been Tested?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
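
An added example, not part of the original pull request or of CloudStack's code: it contrasts the `mkdir`-based pattern from the description above with a directory and metadata file created owner-only, and reports which non-owner permission bits each ends up with. It assumes a POSIX file system; the class `PrivateUniqDirDemo`, its methods and the `metadata.sample` file name are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;
import java.util.UUID;

// Added illustration: class, method and file names are hypothetical, not CloudStack code.
public class PrivateUniqDirDemo {

    private static final Set<PosixFilePermission> OWNER_DIR =
            PosixFilePermissions.fromString("rwx------");
    private static final Set<PosixFilePermission> OWNER_FILE =
            PosixFilePermissions.fromString("rw-------");

    static boolean posixSupported() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }

    // Same pattern as the createUniqDir() quoted in the PR description: File.mkdir()
    // takes no mode argument, so the result's permissions are whatever the umask leaves.
    static Path createUniqDirUmask(Path base) throws IOException {
        Path dir = base.resolve(UUID.randomUUID().toString());
        if (!dir.toFile().mkdir()) {
            throw new IOException("could not create " + dir);
        }
        return dir;
    }

    // Hardened variant: the mode is handed to the creating call, so the directory
    // never exists with wider permissions, whatever the parent's mode is.
    static Path createUniqDirPrivate(Path base) throws IOException {
        if (!posixSupported()) {
            // No POSIX view to set; the name is still unpredictable.
            return Files.createTempDirectory(base, "uniq-");
        }
        return Files.createTempDirectory(base, "uniq-",
                PosixFilePermissions.asFileAttribute(OWNER_DIR));
    }

    // Creates the metadata file owner-only and fails if the name already exists.
    static Path writeMetadata(Path dir, String name, String content) throws IOException {
        Path file = dir.resolve(name);
        if (posixSupported()) {
            Files.createFile(file, PosixFilePermissions.asFileAttribute(OWNER_FILE));
        } else {
            Files.createFile(file);
        }
        Files.write(file, content.getBytes(StandardCharsets.UTF_8));
        return file;
    }

    // Permission bits granted to anyone other than the owner; empty means private.
    static Set<PosixFilePermission> nonOwnerBits(Path p) throws IOException {
        Set<PosixFilePermission> bits = EnumSet.noneOf(PosixFilePermission.class);
        bits.addAll(Files.getPosixFilePermissions(p));
        bits.removeAll(OWNER_DIR);
        return bits;
    }

    public static void main(String[] args) throws IOException {
        if (!posixSupported()) {
            System.out.println("No POSIX permission view here; nothing to compare.");
            return;
        }
        Path base = Paths.get(System.getProperty("java.io.tmpdir"));
        Path loose = createUniqDirUmask(base);
        Path tight = createUniqDirPrivate(base);
        Path meta = null;
        try {
            // Constructed sample content standing in for the template metadata.
            meta = writeMetadata(tight, "metadata.sample", "uniquename=constructed-sample\n");
            System.out.println("mkdir() dir, non-owner bits:       " + nonOwnerBits(loose));
            System.out.println("owner-only dir, non-owner bits:    " + nonOwnerBits(tight));
            System.out.println("metadata file, non-owner bits:     " + nonOwnerBits(meta));
        } finally {
            if (meta != null) {
                Files.deleteIfExists(meta);
            }
            Files.deleteIfExists(tight);
            Files.deleteIfExists(loose);
        }
    }
}
```

The umask can only remove bits from the requested `rwx------`, so the second directory is never wider than owner-only even when `java.io.tmpdir` itself is shared.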



[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-895079002


   Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian. SL-JID 801





[GitHub] [cloudstack] lujiefsi commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
lujiefsi commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-861254929


   > @rhtyd do you approve?
   > @lujiefsi have you tested? do we need more testing?
   
   YES, I have tested this patch!





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-870347530


   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.





[GitHub] [cloudstack] DaanHoogland commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-863913995


   can @lujiefsi get a second LGTM (@rhtyd @andrijapanicsb @GabrielBrascher ... and others)?





[GitHub] [cloudstack] GabrielBrascher commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
GabrielBrascher commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r662720705



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -178,18 +183,25 @@ public long getSize(String path) {
     }
 
     @Override
-    public File createUniqDir() {
+    public File createUniqDir() throws IOException {
         String dirName = System.getProperty("java.io.tmpdir");
         if (dirName != null) {
             File dir = new File(dirName);
             if (dir.exists()) {
+                if (isWorldReadable(dir)) {
+                    if (dir.getAbsolutePath().equals("/tmp")) {
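
Review bot: the new `if (isWorldReadable(dir))` check inspects the parent temp directory only, while the mode of the unique directory created beneath it is left untouched by these lines, so the result stays as exposed as before and only a log line changes. Consider creating the directory with explicit owner-only permissions, for example `Files.createTempDirectory` with an `rwx------` attribute, so it is private regardless of what `java.io.tmpdir` points at.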

Review comment:
       What do you think of extracting `"/tmp"` into a constant in this class?

##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -178,18 +183,25 @@ public long getSize(String path) {
     }
 
     @Override
-    public File createUniqDir() {
+    public File createUniqDir() throws IOException {
         String dirName = System.getProperty("java.io.tmpdir");
         if (dirName != null) {
             File dir = new File(dirName);
             if (dir.exists()) {
+                if (isWorldReadable(dir)) {
+                    if (dir.getAbsolutePath().equals("/tmp")) {
+                        s_logger.warn("The temp dir is /tmp");
+                    }else {
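
Review bot: the message in `s_logger.warn("The temp dir is /tmp");` states a fact without saying why it matters or what the operator should do. Consider naming the remedy in the text, for example that `java.io.tmpdir` should point at a directory only the service account can access, so the warning is actionable when it turns up in the logs.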

Review comment:
       Can you please change from  `}else {` to `} else {`?
   
   Just a small change to keep the [conventions](https://cwiki.apache.org/confluence/display/CLOUDSTACK/Coding+conventions) :slightly_smiling_face:.







[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-854664956


   Packaging result: :heavy_check_mark: centos7 :heavy_check_mark: centos8 :heavy_check_mark: debian. SL-JID 167





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-899190659


   @nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests





[GitHub] [cloudstack] lujiefsi commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir

Posted by GitBox <gi...@apache.org>.
lujiefsi commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-853515133


   Hi @rhtyd. Yes, most of the template-related registration and operations actually run in ssvm, which is not generally accessible. What concerns me is the code below:
   
       protected boolean swiftUploadMetadataFile(SwiftTO swift, File srcFile, String containerName, String uniqueName) throws IOException {
   
           File uniqDir = _storage.createUniqDir();
           String metaFileName = uniqDir.getAbsolutePath() + File.separator + _tmpltpp;
           _storage.create(uniqDir.getAbsolutePath(), _tmpltpp); // metafile is created
   
           long virtualSize = getVirtualSize(srcFile, getTemplateFormat(srcFile.getName()));
   
           File metaFile = swiftWriteMetadataFile(metaFileName, uniqueName, srcFile.getName(), srcFile.length(), virtualSize); // metafile is written with uniquename, filename, size, virtualsize
   
           SwiftUtil.putObject(swift, metaFile, containerName, _tmpltpp);
           metaFile.delete();
           uniqDir.delete();
   
           return true;
       }
   
   Are the uniquename, filename, size and virtualsize sensitive? If not, that's OK. But I still think we need to follow the Principle of Least Privilege (PoLP), see https://www.cyberark.com/what-is/least-privilege/
   
   I also still have another concern: if others use JavaStorageLayer as a library in the future, they may not be aware that the tmp dir created by createUniqDir is world-readable.
   
   
   Meanwhile, I have pushed a new commit to fix the potential NPE when the tmp dir does not exist.





[GitHub] [cloudstack] rhtyd commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
rhtyd commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-880465678


   @blueorangutan test





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-878720175


   @nvazquez a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-878736994


   Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian. SL-JID 526





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-895358709


   @nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests





[GitHub] [cloudstack] nvazquez commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
nvazquez commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-895358236


   @blueorangutan test





[GitHub] [cloudstack] lujiefsi commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
lujiefsi commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r664186558



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -178,18 +183,25 @@ public long getSize(String path) {
     }
 
     @Override
-    public File createUniqDir() {
+    public File createUniqDir() throws IOException {
         String dirName = System.getProperty("java.io.tmpdir");
         if (dirName != null) {
             File dir = new File(dirName);
             if (dir.exists()) {
+                if (isWorldReadable(dir)) {
+                    if (dir.getAbsolutePath().equals("/tmp")) {
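
Review bot: `dir.getAbsolutePath().equals("/tmp")` is a plain string comparison, so a `java.io.tmpdir` value that reaches `/tmp` through a symlink or through `.` or `..` segments is not recognised as `/tmp`. If the special case stays, compare `dir.getCanonicalPath()` instead, or drop the special case and report the resolved path in a single message.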

Review comment:
       Sorry for my misunderstanding.







[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-912459407


   **Trillian test result (tid-1953)**
   Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 34204 seconds
   Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5066-t1953-kvm-centos7.zip
   Smoke tests completed. 89 look OK, 0 have errors
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   





[GitHub] [cloudstack] lujiefsi edited a comment on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir

Posted by GitBox <gi...@apache.org>.
lujiefsi edited a comment on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-853515133


   Hi @rhtyd. Yes, most of the template-related registration and operations actually run in ssvm, which is not generally accessible. What concerns me is the code below:
   
       protected boolean swiftUploadMetadataFile(SwiftTO swift, File srcFile, String containerName, String uniqueName) throws IOException {
   
           File uniqDir = _storage.createUniqDir();
           String metaFileName = uniqDir.getAbsolutePath() + File.separator + _tmpltpp;
           _storage.create(uniqDir.getAbsolutePath(), _tmpltpp);// metafile is created
   
           long virtualSize = getVirtualSize(srcFile, getTemplateFormat(srcFile.getName()));
   
           File metaFile = swiftWriteMetadataFile(metaFileName, uniqueName, srcFile.getName(), srcFile.length(), virtualSize);///metafile is written with uniquename,filename,size,virtualsize
   
           SwiftUtil.putObject(swift, metaFile, containerName, _tmpltpp);
           metaFile.delete();
           uniqDir.delete();
   
           return true;
       }
   
   Are the uniquename, filename, size and virtualsize sensitive? If not, that's OK. But I still think we need to follow the Principle of Least Privilege (PoLP), see https://www.cyberark.com/what-is/least-privilege/
   
   I also still have another concern: if others use JavaStorageLayer as a library in the future, they may not be aware that the tmp dir created by createUniqDir is world-readable.
   
   
   Meanwhile, I have pushed a new commit to fix the potential NPE when the tmp dir does not exist.





[GitHub] [cloudstack] nvazquez commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
nvazquez commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-911708085


   @blueorangutan package





[GitHub] [cloudstack] lujiefsi commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
lujiefsi commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r660244223



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -217,6 +229,19 @@ public boolean mkdirs(String path) {
         }
     }
 
+    public boolean isWorldReadable(File file) throws IOException {
+        Set<PosixFilePermission> permissions;
+        permissions = Files.getPosixFilePermissions(
+            Paths.get(file.getAbsolutePath()));
+
+        for (PosixFilePermission permission:permissions) {
+            if (permission.equals(PosixFilePermission.OTHERS_READ)) {
+                return true;
+            }
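
Review bot: `Files.getPosixFilePermissions` in `isWorldReadable` throws `UnsupportedOperationException` on file systems without a POSIX attribute view, which the `throws IOException` clause does not cover, so callers fail outright there; check for the view first or catch it and skip the check. Testing only `OTHERS_READ` also means a directory with mode 711 or 733 returns false although other users can still traverse it (and, with write, create entries in it); for a directory the safer test is that no group or others bits are set at all.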

Review comment:
       have simplified it.










[GitHub] [cloudstack] lujiefsi edited a comment on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir

Posted by GitBox <gi...@apache.org>.
lujiefsi edited a comment on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-853515133


   Hi @rhtyd. Yes, most of the template-related registration and operations actually run in ssvm, which is not generally accessible. What concerns me is the code below:
   
       protected boolean swiftUploadMetadataFile(SwiftTO swift, File srcFile, String containerName, String uniqueName) throws IOException {
   
           File uniqDir = _storage.createUniqDir();
           String metaFileName = uniqDir.getAbsolutePath() + File.separator + _tmpltpp;
           _storage.create(uniqDir.getAbsolutePath(), _tmpltpp);// metafile is created
   
           long virtualSize = getVirtualSize(srcFile, getTemplateFormat(srcFile.getName()));
   
           File metaFile = swiftWriteMetadataFile(metaFileName, uniqueName, srcFile.getName(), srcFile.length(), virtualSize);///metafile is written with uniquename,filename,size,virtualsize
   
           SwiftUtil.putObject(swift, metaFile, containerName, _tmpltpp);
           metaFile.delete();
           uniqDir.delete();
   
           return true;
       }
   
   Are the uniquename, filename, size and virtualsize sensitive? If not, that's OK.
   
   I also still have another concern: if others use JavaStorageLayer as a library in the future, they may not be aware that the tmp dir created by createUniqDir is world-readable.
   
   
   Meanwhile, I have pushed a new commit to fix the potential NPE when the tmp dir does not exist.





[GitHub] [cloudstack] DaanHoogland commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir

Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-854651031


   > @DaanHoogland Yes, we should not encourage people to make '/tmp/' have mode 700. But we still need to encourage users to override "/tmp" with "java.io.tmpdir". repush the new commit,
   
   ok, I can live with it this way ;) (:+1: )





[GitHub] [cloudstack] DaanHoogland commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r662952199



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -178,18 +183,25 @@ public long getSize(String path) {
     }
 
     @Override
-    public File createUniqDir() {
+    public File createUniqDir() throws IOException {
         String dirName = System.getProperty("java.io.tmpdir");
         if (dirName != null) {
             File dir = new File(dirName);
             if (dir.exists()) {
+                if (isWorldReadable(dir)) {
+                    if (dir.getAbsolutePath().equals("/tmp")) {
+                        s_logger.warn("The temp dir is /tmp");

Review comment:
       and then here of course
   ```suggestion
                           s_logger.warn(String.format("The temp dir is %s", STDTMP));
   ```

##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -178,18 +183,25 @@ public long getSize(String path) {
     }
 
     @Override
-    public File createUniqDir() {
+    public File createUniqDir() throws IOException {
         String dirName = System.getProperty("java.io.tmpdir");
         if (dirName != null) {
             File dir = new File(dirName);
             if (dir.exists()) {
+                if (isWorldReadable(dir)) {
+                    if (dir.getAbsolutePath().equals("/tmp")) {

Review comment:
       @lujiefsi I think @GabrielBrascher means that we should add a 
   ```
       private static final String STDTMP = "/tmp";
   ```
   and then 
   ```suggestion
                       if (STDTMP.equals(dir.getAbsolutePath())) {
   ```







[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-895047117


   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.





[GitHub] [cloudstack] lujiefsi commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
lujiefsi commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r662764683



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -178,18 +183,25 @@ public long getSize(String path) {
     }
 
     @Override
-    public File createUniqDir() {
+    public File createUniqDir() throws IOException {
         String dirName = System.getProperty("java.io.tmpdir");
         if (dirName != null) {
             File dir = new File(dirName);
             if (dir.exists()) {
+                if (isWorldReadable(dir)) {
+                    if (dir.getAbsolutePath().equals("/tmp")) {
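Review bot: The new check on `isWorldReadable(dir)` looks only at the directory named by `java.io.tmpdir`; nothing in these lines constrains the mode of the unique directory that is then created beneath it, which is where the metadata file ends up. Consider creating that directory with an explicit owner-only permission set (for example `Files.createTempDirectory` with a `PosixFilePermissions.asFileAttribute` argument) so the result does not depend on how the operator configured the parent.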

Review comment:
       /tmp is the default tmp dir for Linux. If we directly tell the user "temp dir is World Readable", we may mislead the user into changing the permission of "/tmp", which is not desirable. So we just tell the user "the temp dir is /tmp" and hope they change the default temp dir.







[GitHub] [cloudstack] DaanHoogland commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-859508193


   @rhtyd do you approve?
   @lujiefsi have you tested? do we need more testing?





[GitHub] [cloudstack] sureshanaparti commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
sureshanaparti commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r659816586



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -217,6 +229,19 @@ public boolean mkdirs(String path) {
         }
     }
 
+    public boolean isWorldReadable(File file) throws IOException {
+        Set<PosixFilePermission> permissions;
+        permissions = Files.getPosixFilePermissions(
+            Paths.get(file.getAbsolutePath()));
+
+        for (PosixFilePermission permission:permissions) {
+            if (permission.equals(PosixFilePermission.OTHERS_READ)) {
+                return true;
+            }
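Review bot: `Files.getPosixFilePermissions` in `isWorldReadable` throws `UnsupportedOperationException` when the file system has no POSIX attribute view, and that exception is unchecked, so `throws IOException` does not cover it and the caller fails outright on such a host. Guard the call (check `supportedFileAttributeViews()` or catch the exception) and decide what to return in that case; `file.toPath()` can also replace `Paths.get(file.getAbsolutePath())`.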

Review comment:
       No need to loop through all permissions; you can simply check whether the permissions set contains `PosixFilePermission.OTHERS_READ`:
   
   ```
   if (permissions.contains(PosixFilePermission.OTHERS_READ)) {
       return true;
   }
   ```







[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-911564939


   Packaging result: :heavy_multiplication_x: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 1104





[GitHub] [cloudstack] lujiefsi commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir

Posted by GitBox <gi...@apache.org>.
lujiefsi commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-854632444


   @DaanHoogland Yes, we should not encourage people to make '/tmp/' have mode 700. But we still need to encourage users to override "/tmp" with "java.io.tmpdir". Repush the new commit.





[GitHub] [cloudstack] GabrielBrascher commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
GabrielBrascher commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r663095200



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -178,18 +183,25 @@ public long getSize(String path) {
     }
 
     @Override
-    public File createUniqDir() {
+    public File createUniqDir() throws IOException {
         String dirName = System.getProperty("java.io.tmpdir");
         if (dirName != null) {
             File dir = new File(dirName);
             if (dir.exists()) {
+                if (isWorldReadable(dir)) {
+                    if (dir.getAbsolutePath().equals("/tmp")) {
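Review bot: Adding `throws IOException` to an `@Override` method, on the `createUniqDir()` signature line, only compiles if the interface declaration changes as well, and every caller then has to handle an exception that comes from an advisory permission check. Since the check is meant to remind the operator, consider catching the `IOException` inside `createUniqDir()` and logging it, which keeps the existing signature.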

Review comment:
       Sorry for not being clear about the idea, @lujiefsi.
   Good that @DaanHoogland explained it better than me :slightly_smiling_face: 







[GitHub] [cloudstack] rhtyd commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
rhtyd commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-870346854


   @blueorangutan package





[GitHub] [cloudstack] nvazquez commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
nvazquez commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-878720033


   Hi @lujiefsi looks like all the reviews have been addressed, can you please mark them as resolved?
   @blueorangutan package





[GitHub] [cloudstack] nvazquez commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
nvazquez commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-912175329


   @blueorangutan test





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-911709037


   @nvazquez a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.





[GitHub] [cloudstack] DaanHoogland commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir

Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-854593732


   @lujiefsi we should not encourage people to make '/tmp/' have mode 700. That is not a valid mode for /tmp on a Unix system. It must have 1777 as mode. You could make sure "java.io.tmpdir" is a subdir of /tmp and it has good rights, but I'm -1 as is.



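An added example, not code from the PR or from CloudStack, of the approach suggested in the comment above: leave `/tmp` at its standard mode and create the per-use directory with owner-only rights. The class name, the method names and the `uniq-` prefix are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Hypothetical class for illustration; names are not taken from CloudStack.
public class PrivateTempDirExample {

    // Mode 700: only the owning user may list, enter or modify the directory.
    private static final Set<PosixFilePermission> OWNER_ONLY =
            PosixFilePermissions.fromString("rwx------");

    // True when the default file system exposes POSIX permissions at all.
    static boolean posixSupported() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }

    // Reports what other local users may do with a directory, without throwing
    // UnsupportedOperationException on file systems that lack a POSIX view.
    static String describe(Path dir) throws IOException {
        if (!posixSupported()) {
            return dir + ": no POSIX permissions on this file system";
        }
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(dir);
        return dir + " mode=" + PosixFilePermissions.toString(perms)
                + " othersRead=" + perms.contains(PosixFilePermission.OTHERS_READ)
                + " othersWrite=" + perms.contains(PosixFilePermission.OTHERS_WRITE);
    }

    // Creates a uniquely named directory below parent. The requested mode is
    // passed at creation time, so there is no window in which the directory
    // exists with a wider mode; the umask can only remove bits, never add them.
    static Path createPrivateUniqDir(Path parent) throws IOException {
        if (!posixSupported()) {
            // No POSIX view: fall back to the platform default permissions.
            return Files.createTempDirectory(parent, "uniq-");
        }
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
                PosixFilePermissions.asFileAttribute(OWNER_ONLY);
        Path dir = Files.createTempDirectory(parent, "uniq-", ownerOnly);

        // Re-read the mode so an unexpected result fails loudly.
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(dir);
        if (!actual.equals(OWNER_ONLY)) {
            Files.delete(dir);
            throw new IOException(dir + " was created with mode "
                    + PosixFilePermissions.toString(actual));
        }
        return dir;
    }

    public static void main(String[] args) throws IOException {
        // The parent stays as the operator configured it, e.g. /tmp.
        Path parent = Paths.get(System.getProperty("java.io.tmpdir"));
        System.out.println("parent:  " + describe(parent));

        Path dir = createPrivateUniqDir(parent);
        System.out.println("created: " + describe(dir));

        Files.delete(dir); // clean up the demonstration directory
    }
}
```

Because the mode is set on the child, the listing printed for the parent is informational only and the parent's permissions never need to change.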


[GitHub] [cloudstack] nvazquez commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
nvazquez commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-878737120


   @blueorangutan test





[GitHub] [cloudstack] lujiefsi edited a comment on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir

Posted by GitBox <gi...@apache.org>.
lujiefsi edited a comment on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-853515133









[GitHub] [cloudstack] nvazquez closed pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
nvazquez closed pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066


   





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-856380959


   **Trillian test result (tid-888)**
   Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 43741 seconds
   Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5066-t888-kvm-centos7.zip
   Intermittent failure detected: /marvin/tests/smoke/test_router_dhcphosts.py
   Intermittent failure detected: /marvin/tests/smoke/test_routers_network_ops.py
   Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
   Intermittent failure detected: /marvin/tests/smoke/test_vpc_vpn.py
   Smoke tests completed. 86 look OK, 2 have error(s)
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | `Failure` | 326.65 | test_routers_network_ops.py
   test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | `Failure` | 529.07 | test_vpc_redundant.py
   test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | `Error` | 529.09 | test_vpc_redundant.py
   test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | `Failure` | 503.60 | test_vpc_redundant.py
   test_05_rvpc_multi_tiers | `Failure` | 494.77 | test_vpc_redundant.py
   





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-870347530









[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-880466160


   @rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests





[GitHub] [cloudstack] lujiefsi commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
lujiefsi commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r664186558



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -178,18 +183,25 @@ public long getSize(String path) {
     }
 
     @Override
-    public File createUniqDir() {
+    public File createUniqDir() throws IOException {
         String dirName = System.getProperty("java.io.tmpdir");
         if (dirName != null) {
             File dir = new File(dirName);
             if (dir.exists()) {
+                if (isWorldReadable(dir)) {
+                    if (dir.getAbsolutePath().equals("/tmp")) {

Review comment:
       Sorry for my misunderstanding.










[GitHub] [cloudstack] lujiefsi commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
lujiefsi commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r689321916



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -21,15 +21,21 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.UUID;
 
 import javax.naming.ConfigurationException;
+import org.apache.log4j.Logger;
 
 public class JavaStorageLayer implements StorageLayer {
-
+    private static final Logger s_logger = Logger.getLogger(JavaStorageLayer.class);
+    private static final String STDTMP = "/tmp";
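Review bot: `STDTMP` is declared without a comment saying why `/tmp` is special-cased; a one-line comment that the shared system temp directory should be replaced through `java.io.tmpdir` rather than have its mode changed would record the intent. The `org.apache.log4j.Logger` import is also attached to the `javax.naming` group with no blank line between them.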

Review comment:
       good point







[GitHub] [cloudstack] nvazquez merged pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
nvazquez merged pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066


   





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-912175448


   @nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-859178430









[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-899759472


   **Trillian test result (tid-1648)**
   Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 54715 seconds
   Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5066-t1648-kvm-centos7.zip
   Intermittent failure detected: /marvin/tests/smoke/test_internal_lb.py
   Intermittent failure detected: /marvin/tests/smoke/test_kubernetes_clusters.py
   Intermittent failure detected: /marvin/tests/smoke/test_privategw_acl.py
   Intermittent failure detected: /marvin/tests/smoke/test_routers_network_ops.py
   Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
   Intermittent failure detected: /marvin/tests/smoke/test_vpc_router_nics.py
   Intermittent failure detected: /marvin/tests/smoke/test_vpc_vpn.py
   Smoke tests completed. 85 look OK, 4 have error(s)
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | `Error` | 522.01 | test_internal_lb.py
   test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 | `Failure` | 720.61 | test_internal_lb.py
   ContextSuite context=TestKubernetesCluster>:teardown | `Error` | 75.47 | test_kubernetes_clusters.py
   test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | `Failure` | 346.86 | test_routers_network_ops.py
   test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | `Failure` | 690.00 | test_vpc_redundant.py
   test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | `Failure` | 493.83 | test_vpc_redundant.py
   test_04_rvpc_network_garbage_collector_nics | `Error` | 3841.36 | test_vpc_redundant.py
   test_05_rvpc_multi_tiers | `Failure` | 529.46 | test_vpc_redundant.py
   test_05_rvpc_multi_tiers | `Error` | 529.47 | test_vpc_redundant.py
   





[GitHub] [cloudstack] nvazquez commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
nvazquez commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-899190550


   @blueorangutan test keepEnv





[GitHub] [cloudstack] rhtyd commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir

Posted by GitBox <gi...@apache.org>.
rhtyd commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-853084973


   Hi @lujiefsi have you reproduced any issue on management server? I may be wrong but many of the template-related registration and operations actually run in ssvm which is not generally accessible.





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-870395203


   Packaging result: :heavy_check_mark: centos7 :heavy_check_mark: centos8 :heavy_check_mark: debian. SL-JID 409





[GitHub] [cloudstack] sureshanaparti commented on a change in pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
sureshanaparti commented on a change in pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#discussion_r689273939



##########
File path: core/src/main/java/com/cloud/storage/JavaStorageLayer.java
##########
@@ -21,15 +21,21 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.UUID;
 
 import javax.naming.ConfigurationException;
+import org.apache.log4j.Logger;
 
 public class JavaStorageLayer implements StorageLayer {
-
+    private static final Logger s_logger = Logger.getLogger(JavaStorageLayer.class);
+    private static final String STDTMP = "/tmp";

Review comment:
       ```suggestion
       private static final String STD_TMP_DIR_PATH = "/tmp";
   ```







[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-911735560


   Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 1111





[GitHub] [cloudstack] rhtyd commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
rhtyd commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-911517403


   @blueorangutan package





[GitHub] [cloudstack] rhtyd commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
rhtyd commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-895046815


   @blueorangutan package





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-878737251


   @nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests





[GitHub] [cloudstack] blueorangutan commented on pull request #5066: CLOUDSTACK-10436:remind users to use correct permission for tmp dir and fixed an NPE

Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066#issuecomment-911520585


   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.




