From f4035e49ee4745cd384d48a2334be793ce8df461 Mon Sep 17 00:00:00 2001 From: wangzengliang1 Date: Mon, 5 Dec 2022 15:10:45 +0800 Subject: [PATCH] fix --- src/ceph-crash.in | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/src/ceph-crash.in b/src/ceph-crash.in index c549dc1..ad5823e 100644 --- a/src/ceph-crash.in +++ b/src/ceph-crash.in @@ -3,8 +3,10 @@ # vim: ts=4 sw=4 smarttab expandtab import argparse +import grp import logging import os +import pwd import signal import socket import subprocess @@ -45,7 +47,8 @@ def post_crash(path): stderr=subprocess.PIPE, ) f = open(os.path.join(path, 'meta'), 'rb') - stdout, stderr = pr.communicate(input=f.read()) + (_, stderr) = pr.communicate(input=f.read()) + stderr = stderr.decode() rc = pr.wait() f.close() if rc != 0: @@ -80,7 +83,25 @@ def handler(signum, frame): print('*** Interrupted with signal %d ***' % signum) sys.exit(0) +def drop_privs(): + if os.getuid() == 0: + try: + ceph_uid = pwd.getpwnam("ceph").pw_uid + ceph_gid = grp.getgrnam("ceph").gr_gid + os.setgroups([]) + os.setgid(ceph_gid) + os.setuid(ceph_uid) + except Exception as e: + log.error(f"Unable to drop privileges: {e}") + sys.exit(1) + + def main(): + + + # run as unprivileged ceph user + drop_privs() + # exit code 0 on SIGINT, SIGTERM signal.signal(signal.SIGINT, handler) signal.signal(signal.SIGTERM, handler) @@ -96,7 +117,10 @@ def main(): log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0)) while True: - scrape_path(args.path) + try: + scrape_path(args.path) + except Exception as e: + log.error(f"Error scraping {args.path}: {e}") if args.delay == 0: sys.exit(0) time.sleep(args.delay * 60) -- 2.13.0.windows.1