From: Ian Jackson Date: Sun, 10 Jun 2012 23:39:17 +0000 (+0100) Subject: adt-virt-schroot: better handling of root-users/groups (#667001) X-Git-Tag: debian/2.1.0~5 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=98a97eb1a2edcfa2d8a19cfee7ec2888c377163e;p=autopkgtest.git adt-virt-schroot: better handling of root-users/groups (#667001) Thanks to Colin Watson. --- diff --git a/debian/changelog b/debian/changelog index 8f0daba..77e902f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,8 @@ autopkgtest (2.0.2) unstable; urgency=low * Fix parsing of "@" dependencies. Colin Watson. Closes: #667022. * Fix NameError re "f" in restriction parsing. Martin Pitt. Closes: #647882. + * Improve handling of schroot root-users and root-groups. + Colin Watson. Closes: #667001. Packaging fixes: * Add Recommends against pbuilder, whose dependency resolver adt-run diff --git a/virt-subproc/adt-virt-schroot b/virt-subproc/adt-virt-schroot index 451f254..40384b9 100755 --- a/virt-subproc/adt-virt-schroot +++ b/virt-subproc/adt-virt-schroot @@ -37,6 +37,24 @@ sys.path.insert(1, our_base) import VirtSubproc as vsp capabilities = [] +def pw_uid(exp_name): + try: + return pwd.getpwnam(exp_name).pw_uid + except KeyError: + return None + +def gr_gid(exp_name): + try: + return grp.getgrnam(exp_name).gr_gid + except KeyError: + return None + +def match(exp_names, ids, extract_id): + for exp_name in [n for n in exp_names.split(',') if n]: + if extract_id(exp_name) in ids: + return True + return False + def parse_args(): global schroot, debuglevel @@ -66,15 +84,8 @@ def parse_args(): if regexp.search('snapshot',cfg['type']): capabilities.append('revert') - if [True - for exp_name in cfg['root-users'].split(',') - for got_uid in [os.getuid()] - if got_uid == pwd.getpwnam(exp_name).pw_uid - ] or [True - for exp_name in cfg['root-groups'].split(',') - for got_gid in [os.getgid()] + os.getgroups() - if got_gid == grp.getgrnam(exp_name).gr_gid - ]: + if (match(cfg['root-users'], [os.getuid()], pw_uid) or + match(cfg['root-groups'], [os.getgid()] + os.getgroups(), gr_gid)): capabilities.append('root-on-testbed') def hook_open():