Beispiel #1
func (pk *ProxyKeyring) Listen() (string, error) {
	if pk.listener != nil {
		return "", errors.New("Already listening")

	dir, err := ioutil.TempDir("", "proxykeyring")
	if err != nil {
		return "", err

	err = os.Chmod(dir, 0700)
	if err != nil {
		return "", err

	listener := filepath.Join(dir, "listener")
	pk.listener, err = net.Listen("unix", listener)
	if err != nil {
		return "", err

	err = os.Chmod(listener, 0600)
	if err != nil {
		return "", err

	return listener, nil
Beispiel #2
func TestFileSS_BadPerm(t *testing.T) {
	if runtime.GOOS == "windows" {
		t.Skip("skipping file permission test on windows")

	// Create a temp dir
	dir1, err := ioutil.TempDir("", "raft")
	if err != nil {
		t.Fatalf("err: %s", err)
	defer os.RemoveAll(dir1)

	// Create a sub dir and remove all permissions
	dir2, err := ioutil.TempDir(dir1, "badperm")
	if err != nil {
		t.Fatalf("err: %s", err)
	if err := os.Chmod(dir2, 000); err != nil {
		t.Fatalf("err: %s", err)
	defer os.Chmod(dir2, 777) // Set perms back for delete

	// Should fail
	if _, err := NewFileSnapshotStore(dir2, 3, nil); err == nil {
		t.Fatalf("should fail to use dir with bad perms")
Beispiel #3
// InWritableDir calls fn(path), while making sure that the directory
// containing `path` is writable for the duration of the call.
func InWritableDir(fn func(string) error, path string) error {
	dir := filepath.Dir(path)
	info, err := os.Stat(dir)
	if err != nil {
		return err
	if !info.IsDir() {
		return errors.New("Not a directory: " + path)
	if info.Mode()&0200 == 0 {
		// A non-writeable directory (for this user; we assume that's the
		// relevant part). Temporarily change the mode so we can delete the
		// file or directory inside it.
		err = os.Chmod(dir, 0755)
		if err == nil {
			defer func() {
				err = os.Chmod(dir, info.Mode())
				if err != nil {
					// We managed to change the permission bits like a
					// millisecond ago, so it'd be bizarre if we couldn't
					// change it back.

	return fn(path)
// tempFile returns the fd for the temporary file, reusing an open fd
// or creating the file as necessary.
func (s *sharedPullerState) tempFile() (io.WriterAt, error) {
	defer s.mut.Unlock()

	// If we've already hit an error, return early
	if s.err != nil {
		return nil, s.err

	// If the temp file is already open, return the file descriptor
	if s.fd != nil {
		return lockedWriterAt{&s.mut, s.fd}, nil

	// Ensure that the parent directory is writable. This is
	// osutil.InWritableDir except we need to do more stuff so we duplicate it
	// here.
	dir := filepath.Dir(s.tempName)
	if info, err := os.Stat(dir); err != nil {
		s.failLocked("dst stat dir", err)
		return nil, err
	} else if info.Mode()&0200 == 0 {
		err := os.Chmod(dir, 0755)
		if !s.ignorePerms && err == nil {
			defer func() {
				err := os.Chmod(dir, info.Mode().Perm())
				if err != nil {

	// Attempt to create the temp file
	flags := os.O_WRONLY
	if s.reused == 0 {
		flags |= os.O_CREATE | os.O_EXCL
	} else {
		// With sufficiently bad luck when exiting or crashing, we may have
		// had time to chmod the temp file to read only state but not yet
		// moved it to it's final name. This leaves us with a read only temp
		// file that we're going to try to reuse. To handle that, we need to
		// make sure we have write permissions on the file before opening it.
		err := os.Chmod(s.tempName, 0644)
		if !s.ignorePerms && err != nil {
			s.failLocked("dst create chmod", err)
			return nil, err
	fd, err := os.OpenFile(s.tempName, flags, 0666)
	if err != nil {
		s.failLocked("dst create", err)
		return nil, err

	// Same fd will be used by all writers
	s.fd = fd

	return lockedWriterAt{&s.mut, s.fd}, nil
Beispiel #5
func InitDataDir() {
	if !exists(getDataDir()) {
		fmt.Println("Adding datadir")
		os.MkdirAll(getDataDir(), 0750)
		os.Chmod(getDataDir(), 0750)

	if !exists(filepath.Join(getDataDir(), "index.json")) {
		fmt.Println("Adding index.json")
		file, err := os.Create(filepath.Join(getDataDir(), "index.json"))
		if err == nil {
			_, err := file.WriteString("{}")

			if err != nil {

	if !exists(filepath.Join(getDataDir(), "wwdr.pem")) {
		fmt.Println("Copying wwdr.pem")
		if err := copyWWDR(); err != nil {

	if !exists(filepath.Join(getDataDir(), "profiles")) {
		fmt.Println("Adding profiles")
		os.MkdirAll(filepath.Join(getDataDir(), "profiles"), 0750)
		os.Chmod(getDataDir(), 0750)
Beispiel #6
func TestInWritableDirWindowsRemoveAll(t *testing.T) {
	// os.RemoveAll should remove read only things on windows

	if runtime.GOOS != "windows" {
		t.Skipf("Tests not required")

	err := os.RemoveAll("testdata")
	if err != nil {
	defer os.Chmod("testdata/windows/ro/readonlynew", 0700)
	defer os.RemoveAll("testdata")

	create := func(name string) error {
		fd, err := os.Create(name)
		if err != nil {
			return err
		return nil

	os.Mkdir("testdata", 0700)

	os.Mkdir("testdata/windows", 0500)
	os.Mkdir("testdata/windows/ro", 0500)
	os.Chmod("testdata/windows/ro/readonly", 0500)

	if err := os.RemoveAll("testdata/windows"); err != nil {
		t.Errorf("Unexpected error: %s", err)
Beispiel #7
// The only real errors right now are log based or RPC.
func TestErrorHandler(t *testing.T) {
	ci := ClusterInfo{Name: "foo", Size: 1}
	_, rpc, log := genNodeArgs(t)

	// Use ChanHandler
	scCh := make(chan StateChange)
	errCh := make(chan error)
	chHand := NewChanHandler(scCh, errCh)

	node, err := New(ci, chHand, rpc, log)
	if err != nil {
		t.Fatalf("Expected no error, got: %v", err)
	defer node.Close()

	// Force a write to err
	os.Chmod(node.logPath, 0400)
	defer os.Chmod(node.logPath, 0660)

	err = errWait(t, errCh)

	perr, ok := err.(*os.PathError)
	if !ok {
		t.Fatalf("Got wrong error type")
	if perr.Op != "open" {
		t.Fatalf("Got wrong operation, wanted 'open', got %q", perr.Op)
	if perr.Path != node.LogPath() {
		t.Fatalf("Expected the logPath, got %s \n", perr.Path)
Beispiel #8
func TestAccess(t *testing.T) {
	if os.Geteuid() == 0 {
		t.Log("Skipping TestAccess() as root.")
	me := NewTestCase(t)
	defer me.Cleanup()

	err := ioutil.WriteFile(me.origFile, []byte(contents), 0700)
	err = os.Chmod(me.origFile, 0)
	// Ugh - copied from unistd.h
	const W_OK uint32 = 2

	errCode := syscall.Access(me.mountFile, W_OK)
	if errCode != syscall.EACCES {
		t.Errorf("Expected EACCES for non-writable, %v %v", errCode, syscall.EACCES)
	err = os.Chmod(me.origFile, 0222)
	errCode = syscall.Access(me.mountFile, W_OK)
	if errCode != nil {
		t.Errorf("Expected no error code for writable. %v", errCode)
Beispiel #9
// UnTar a tar file
func UnTar(srcTar string, dstDir string) (err error) {
	// 清理路径字符串
	dstDir = path.Clean(dstDir) + string(os.PathSeparator)

	fr, er := os.Open(srcTar)
	if er != nil {
		return er
	defer fr.Close()

	tr := tar.NewReader(fr)

	for hdr, er := tr.Next(); er != io.EOF; hdr, er = tr.Next() {
		if er != nil {
			return er

		fi := hdr.FileInfo()

		dstFullPath := dstDir + hdr.Name

		if hdr.Typeflag == tar.TypeDir {
			os.MkdirAll(dstFullPath, fi.Mode().Perm())
			os.Chmod(dstFullPath, fi.Mode().Perm())
		} else {
			os.MkdirAll(path.Dir(dstFullPath), os.ModePerm)
			if er := unTarFile(dstFullPath, tr); er != nil {
				return er
			os.Chmod(dstFullPath, fi.Mode().Perm())
	return nil
Beispiel #10
func (d *driver) Mount(
	device, target, mountOptions, mountLabel string) error {

	if d.isNfsDevice(device) {

		if err := d.nfsMount(device, target); err != nil {
			return err

		os.MkdirAll(d.volumeMountPath(target), d.fileModeMountPath())
		os.Chmod(d.volumeMountPath(target), d.fileModeMountPath())

		return nil

	fsType, err := probeFsType(device)
	if err != nil {
		return err

	options := label.FormatMountLabel("", mountLabel)
	options = fmt.Sprintf("%s,%s", mountOptions, mountLabel)
	if fsType == "xfs" {
		options = fmt.Sprintf("%s,nouuid", mountOptions)

	if err := mount.Mount(device, target, fsType, options); err != nil {
		return fmt.Errorf("Couldn't mount directory %s at %s: %s", device, target, err)

	os.MkdirAll(d.volumeMountPath(target), d.fileModeMountPath())
	os.Chmod(d.volumeMountPath(target), d.fileModeMountPath())

	return nil
Beispiel #11
// StreamFileAsTar streams the source file as a tar archive.
// The permissions of the file is changed to 0666.
func (t *stiTar) StreamDirAsTar(source, dest string, writer io.Writer) error {
	f, err := os.Open(source)
	if err != nil {
		return err
	if info, _ := f.Stat(); !info.IsDir() {
		return fmt.Errorf("the source %q has to be directory, not a file", source)
	defer f.Close()
	fs := util.NewFileSystem()
	tmpDir, err := ioutil.TempDir("", "s2i-")
	if err != nil {
		return err
	defer os.RemoveAll(tmpDir)
	if err := fs.Copy(source, tmpDir); err != nil {
		return err
	// Skip chmod if on windows OS
	if runtime.GOOS != "windows" {
		err = filepath.Walk(tmpDir, func(path string, info os.FileInfo, err error) error {
			if err != nil {
				return err
			if info.IsDir() {
				return os.Chmod(path, 0777)
			return os.Chmod(path, 0666)
		if err != nil {
			return err
	return t.CreateTarStream(tmpDir, false, writer)
Beispiel #12
func TestAccess(t *testing.T) {
	if os.Geteuid() == 0 {
		t.Log("Skipping TestAccess() as root.")
	tc := NewTestCase(t)
	defer tc.Cleanup()

	contents := []byte{1, 2, 3}
	err := ioutil.WriteFile(tc.origFile, []byte(contents), 0700)
	if err != nil {
		t.Fatalf("WriteFile failed: %v", err)
	err = os.Chmod(tc.origFile, 0)
	if err != nil {
		t.Fatalf("Chmod failed: %v", err)
	// Ugh - copied from unistd.h
	const W_OK uint32 = 2

	errCode := syscall.Access(tc.mountFile, W_OK)
	if errCode != syscall.EACCES {
		t.Errorf("Expected EACCES for non-writable, %v %v", errCode, syscall.EACCES)
	err = os.Chmod(tc.origFile, 0222)
	if err != nil {
		t.Fatalf("Chmod failed: %v", err)
	errCode = syscall.Access(tc.mountFile, W_OK)
	if errCode != nil {
		t.Errorf("Expected no error code for writable. %v", errCode)
Beispiel #13
func updatePerms(dirPath, mockPath string) {
	if knf.GetS(ACCESS_USER) != "" || knf.GetS(ACCESS_GROUP) != "" {
		dirOwnerUID, dirOwnerGID, _ := fsutil.GetOwner(dirPath)
		mockOwnerUID, mockOwnerGID, _ := fsutil.GetOwner(mockPath)

		if knf.GetS(ACCESS_USER) != "" {
			userInfo, err := system.LookupUser(knf.GetS(ACCESS_USER))

			if err == nil {
				dirOwnerUID = userInfo.UID
				mockOwnerUID = userInfo.UID

		if knf.GetS(ACCESS_GROUP) != "" {
			groupInfo, err := system.LookupGroup(knf.GetS(ACCESS_GROUP))

			if err == nil {
				dirOwnerGID = groupInfo.GID
				mockOwnerGID = groupInfo.GID

		os.Chown(dirPath, dirOwnerUID, dirOwnerGID)
		os.Chown(mockPath, mockOwnerUID, mockOwnerGID)

	os.Chmod(dirPath, knf.GetM(ACCESS_MOCK_DIR_PERMS))
	os.Chmod(mockPath, knf.GetM(ACCESS_MOCK_PERMS))
Beispiel #14
func update(p string, f os.FileInfo, err error) error {
	// Check the file mode.
	if f.IsDir() {
		m := os.FileMode(*cliChmodDir)
		if f.Mode().Perm() != m.Perm() {
			err := os.Chmod(p, m)
			if err != nil {
				log.Printf("Failed to chmod directory: %s", p)
			log.Printf("Updated chmod directory: %s", p)
	} else {
		m := os.FileMode(*cliChmodFile)
		if f.Mode().Perm() != m.Perm() {
			err := os.Chmod(p, m)
			if err != nil {
				log.Printf("Failed to chmod file: %s", p)
			log.Printf("Updated chmod file: %s", p)

	// Check the file owner.
	fu := f.Sys().(*syscall.Stat_t).Uid
	fg := f.Sys().(*syscall.Stat_t).Gid
	if int(fu) != uid && int(fg) != gid {
		err := os.Chown(p, uid, gid)
		if err != nil {
			log.Printf("Failed to chown file: %s", p)
		log.Printf("Updated chown file: %s", p)

	return nil
Beispiel #15
func (s *BootstrapSuite) TestGUIArchiveInfoError(c *gc.C) {
	if runtime.GOOS == "windows" {
		// TODO frankban: skipping for now due to chmod problems with mode 0000
		// on Windows. We will re-enable this test after further investigation:
		// "jujud bootstrap" is never run on Windows anyway.
		c.Skip("needs chmod investigation")
	dir := filepath.FromSlash(agenttools.SharedGUIDir(s.dataDir))
	info := filepath.Join(dir, "downloaded-gui.txt")
	err := os.Chmod(info, 0000)
	c.Assert(err, jc.ErrorIsNil)
	defer os.Chmod(info, 0600)
	_, cmd, err := s.initBootstrapCommand(
		c, nil, "--model-config", s.b64yamlControllerModelConfig,
		"--hosted-model-config", s.b64yamlHostedModelConfig,
		"--instance-id", string(s.instanceId))
	c.Assert(err, jc.ErrorIsNil)

	var tw loggo.TestWriter
	err = loggo.RegisterWriter("bootstrap-test", &tw, loggo.DEBUG)
	c.Assert(err, jc.ErrorIsNil)
	defer loggo.RemoveWriter("bootstrap-test")

	err = cmd.Run(nil)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(tw.Log(), jc.LogMatches, jc.SimpleMessages{{
		`cannot set up Juju GUI: cannot fetch GUI info: cannot read GUI metadata in tools directory: .*`,
func createCerts() {
	basedir := filepath.Dir(defaultCertFile)
	if _, err := os.Stat(basedir); os.IsNotExist(err) {
		if err := os.MkdirAll(basedir, 0755); err != nil {
	if _, err := os.Stat(defaultCertFile); os.IsExist(err) {
	certHosts := []string{"localhost", ""}
	if hostname, err := os.Hostname(); err == nil {
		certHosts = append(certHosts, hostname)
	if len(os.Getenv("GOGS_SERVER__ROOT_URL")) > 0 {
		certHosts = append(certHosts, os.Getenv("GOGS_SERVER__ROOT_URL"))
	cmd := exec.Command("/opt/gogs/gogs", "cert", fmt.Sprintf("%s=%s", "-host", strings.Join(certHosts, ",")))
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	err := cmd.Run()
	if err != nil {
	os.Chmod("cert.pem", 0644)
	os.Chmod("key.pem", 0644)
Beispiel #17
func copyFile(source string, dest string) (err error) {
	sourcefile, err := os.Open(source)
	if err != nil {
		return err

	defer sourcefile.Close()

	if _, e := os.Stat(dest); e == nil {
		//fmt.Println("the file is not overide able", filepath.Join(dest, file.Name()))
		os.Chmod(dest, 0777)

	destfile, err := os.Create(dest)
	if err != nil {
		return err

	defer destfile.Close()

	_, err = io.Copy(destfile, sourcefile)
	if err == nil {
		sourceinfo, err := os.Stat(source)
		if err == nil {
			err = os.Chmod(dest, sourceinfo.Mode())


Beispiel #18
func TestSanityCheck(t *testing.T) {
	//goroot := runtime.GOROOT()
	err := SanityCheck("i")
	if err == nil {
		t.Fatalf("sanity check failed! Expected to flag incorrect GOROOT variable")
	tmpDir, err := ioutil.TempDir("", "goxc_test_sanityCheck")
	defer os.RemoveAll(tmpDir)
	err = SanityCheck(tmpDir)
	if err == nil {
		t.Fatalf("sanity check failed! Expected to notice missing src folder")

	srcDir := filepath.Join(tmpDir, "src")
	os.Mkdir(srcDir, 0700)
	scriptname := GetMakeScriptPath(tmpDir)
	ioutil.WriteFile(scriptname, []byte("1"), 0111)
	err = SanityCheck(tmpDir)
	if err != nil {
		t.Fatalf("sanity check failed! Did not find src folder: %v", err)
	//chmod doesnt work in Windows.
	//TODO: verify which OSes support chmod
	if runtime.GOOS == "linux" {
		os.Chmod(srcDir, 0600)
		defer os.Chmod(srcDir, 0700)
		err = SanityCheck(tmpDir)
		if err == nil {
			t.Fatalf("sanity check failed! Expected NOT to be able to open src folder")
func (s *EntrySuite) TestRemovedCreateFailure(c *gc.C) {
	ft.File{"some-file", "content", 0644}.Create(c, s.basePath)
	os.Chmod(s.basePath, 0444)
	defer os.Chmod(s.basePath, 0777)
	c.ExpectFailure("should fail to remove file")
	ft.Removed{"some-file"}.Create(c, s.basePath)
Beispiel #20
func (s *policySuite) TestIterOpRemoveBadDirmode(c *C) {
	err := iterOp(install, filepath.Join(s.appg, "*"), s.dest, "foo_")
	c.Assert(err, IsNil)
	c.Assert(os.Chmod(s.dest, 0), IsNil)
	defer os.Chmod(s.dest, 0755)
	err = iterOp(remove, filepath.Join(s.appg, "*"), s.dest, "foo_")
	c.Assert(err, ErrorMatches, ".*unable to remove.*")
Beispiel #21
// SaveConfig saves configuration file.
// if configKey has been set, the file will be encrypted.
func SaveConfig() {
	if len(configKey) == 0 {
		err := goconfig.SaveConfigFile(configData, ConfigPath)
		if err != nil {
			log.Fatalf("Failed to save config file: %v", err)
		err = os.Chmod(ConfigPath, 0600)
		if err != nil {
			ErrorLog(nil, "Failed to set permissions on config file: %v", err)
	var buf bytes.Buffer
	err := goconfig.SaveConfigData(configData, &buf)
	if err != nil {
		log.Fatalf("Failed to save config file: %v", err)

	f, err := os.Create(ConfigPath)
	if err != nil {
		log.Fatalf("Failed to save config file: %v", err)

	fmt.Fprintln(f, "# Encrypted rclone configuration File")
	fmt.Fprintln(f, "")
	fmt.Fprintln(f, "RCLONE_ENCRYPT_V0:")

	// Generate new nonce and write it to the start of the ciphertext
	var nonce [24]byte
	n, _ := rand.Read(nonce[:])
	if n != 24 {
		log.Fatalf("nonce short read: %d", n)
	enc := base64.NewEncoder(base64.StdEncoding, f)
	_, err = enc.Write(nonce[:])
	if err != nil {
		log.Fatalf("Failed to write config file: %v", err)

	var key [32]byte
	copy(key[:], configKey[:32])

	b := secretbox.Seal(nil, buf.Bytes(), &nonce, &key)
	_, err = enc.Write(b)
	if err != nil {
		log.Fatalf("Failed to write config file: %v", err)
	_ = enc.Close()
	err = f.Close()
	if err != nil {
		log.Fatalf("Failed to close config file: %v", err)

	err = os.Chmod(ConfigPath, 0600)
	if err != nil {
		ErrorLog(nil, "Failed to set permissions on config file: %v", err)
Beispiel #22
func AskPass(q string) string {
	var pass string

	cloudwalk_dir := GetPathFromHome("/.cloudwalk")
	pass_file := cloudwalk_dir + "/"
	pass_script := `#!/bin/bash
function finish {
trap finish EXIT
unset password
read -e -s password
echo $password

	os.Mkdir(cloudwalk_dir, 0755)
	ioutil.WriteFile(pass_file, []byte(pass_script), 0755)

	os.Chmod(cloudwalk_dir, 0755)
	os.Chmod(pass_file, 0755)

	cmd := exec.Command("bash", pass_file)

	var b bytes.Buffer
	cmd.Stdout = &b
	cmd.Stdin = os.Stdin

	fmt.Printf("%s", q)

	// Clean OS Exit
	c := make(chan os.Signal, 1)
	signal.Notify(c, os.Interrupt)
	signal.Notify(c, syscall.SIGTERM)
	go func() {
		if pass == "" {
			println("\nDone. Press Enter.")

	if err := cmd.Start(); err != nil {
		Exitf(2, "Failed to start the password request. Error: %s\n", err.Error())

	if err := cmd.Wait(); err != nil {
		Exitf(2, "Failed to wait for the password request. Error: %s\n", err.Error())

	pass = b.String()
	pass = pass[:len(pass)-1]


	return pass
Beispiel #23
func (s *upgradeGUISuite) TestUpgradeGUIFileError(c *gc.C) {
	path, _, _ := saveGUIArchive(c, "2.0.0")
	err := os.Chmod(path, 0000)
	c.Assert(err, jc.ErrorIsNil)
	defer os.Chmod(path, 0600)
	out, err :=, path)
	c.Assert(err, gc.ErrorMatches, "cannot open GUI archive: .*")
	c.Assert(out, gc.Equals, "")
Beispiel #24
func DoTestSetModeNew(t *testing.T, mkrepo repoMaker) {
	tg := treegen.New()
	treeSpec := tg.D("foo",
				tg.F("A", tg.B(42, 65537)),
				tg.F("a", tg.B(42, 65537)))))
	srcpath := treegen.TestTree(t, treeSpec)
	os.Chmod(filepath.Join(srcpath, "foo", "bar", "aleph", "A"), 0765)
	os.Chmod(filepath.Join(srcpath, "foo", "bar"), 0711)
	defer os.RemoveAll(srcpath)
	srcRepo := mkrepo(t)
	defer srcRepo.Close()
	srcStore, err := fs.NewLocalStore(srcpath, srcRepo)
	assert.T(t, err == nil)

	tg = treegen.New()
	treeSpec = tg.D("foo")
	dstpath := treegen.TestTree(t, treeSpec)
	defer os.RemoveAll(dstpath)
	dstRepo := mkrepo(t)
	defer dstRepo.Close()
	dstStore, err := fs.NewLocalStore(dstpath, dstRepo)
	assert.T(t, err == nil)

	patchPlan := NewPatchPlan(srcStore, dstStore)
	failedCmd, err := patchPlan.Exec()
	assert.Tf(t, failedCmd == nil, "%v", failedCmd)
	assert.Tf(t, err == nil, "%v", err)

	errors := make(chan os.Error)
	go func() {
	for err := range errors {
		assert.Tf(t, err == nil, "%v", err)

	errors = make(chan os.Error)
	go func() {
	for err := range errors {
		assert.Tf(t, err == nil, "%v", err)

	fileinfo, err := os.Stat(filepath.Join(dstpath, "foo", "bar", "aleph", "A"))
	assert.T(t, fileinfo != nil)
	assert.Equal(t, uint32(0765), fileinfo.Permission())

	fileinfo, err = os.Stat(filepath.Join(dstpath, "foo", "bar"))
	assert.T(t, fileinfo != nil)
	assert.Equal(t, uint32(0711), fileinfo.Permission())
Beispiel #25
func startHost(domain *tao.Domain) {

	if *options.Bool["daemon"] && *options.Bool["foreground"] {
		options.Usage("Can supply only one of -daemon and -foreground")
	if *options.Bool["daemon"] {

	cfg := configureFromFile()
	host, err := loadHost(domain, cfg)
	options.FailIf(err, "Can't create host")

	sockPath := path.Join(hostPath(), "admin_socket")
	// Set the socketPath directory go+rx so tao_launch can access sockPath and
	// connect to this linux host, even when tao_launch is run as non-root.
	err = os.Chmod(path.Dir(sockPath), 0755)
	options.FailIf(err, "Can't change permissions")
	uaddr, err := net.ResolveUnixAddr("unix", sockPath)
	options.FailIf(err, "Can't resolve unix socket")
	sock, err := net.ListenUnix("unix", uaddr)
	options.FailIf(err, "Can't create admin socket")
	defer sock.Close()
	err = os.Chmod(sockPath, 0666)
	if err != nil {
		options.Fail(err, "Can't change permissions on admin socket")

	go func() {
		verbose.Printf("Linux Tao Service (%s) started and waiting for requests\n", host.HostName())
		err = tao.NewLinuxHostAdminServer(host).Serve(sock)
		verbose.Printf("Linux Tao Service finished\n")
		options.FailIf(err, "Error serving admin requests")

	c := make(chan os.Signal, 1)
	signal.Notify(c, os.Interrupt, os.Kill, syscall.SIGTERM)
	verbose.Printf("Linux Tao Service shutting down\n")
	err = shutdown()
	if err != nil {
		options.Fail(err, "Can't shut down admin socket")

	// The above goroutine will normally end by calling os.Exit(), so we
	// can block here indefinitely. But if we get a second kill signal,
	// let's abort.
	verbose.Printf("Waiting for shutdown....\n")
	options.Fail(nil, "Could not shut down linux_host")
Beispiel #26
func TestJsonFac(t *testing.T) {
	type utest struct {
		desc, rawurl string
		ok           bool

	tests := []utest{
		{"bad scheme", "badscheme://p", false},
		{"invalid path", "json:///THIS_SHOULD_NOT_EXIST", false},
		{"missing path", "json:///", false},
		{"dir", "json://testdata/", false},
		{"relative path", "json://rel/ok.json", true},
		// TODO add tilde expansion and environ

	os.Chmod("testdata/rel/noaccess.json", 0000)
	defer os.Chmod("testdata/rel/noaccess.json", 0644)
	tests = append(tests, utest{"unauthorized path", "json://rel/noaccess.json", false})

	// absfile test
	absfile := "/tmp/CTRL_JSON_OK_XXX.json"
	ioutil.WriteFile(absfile, []byte("{}"), 0644)
	defer os.Remove(absfile)
	tests = append(tests, utest{"absolute path", "json://" + absfile, true})

	// rel symlink
	if err := os.Symlink(absfile, "testdata/rel/ok-link.json"); err != nil {
	defer os.Remove("testdata/rel/ok-link.json")
	tests = append(tests, utest{"relative link", "json://rel/ok-link.json", true})

	// abs symlink
	abslink := "/tmp/CTRL_JSON_OK_XXX-LINK.json"
	if err := os.Symlink(absfile, abslink); err != nil {
	defer os.Remove(abslink)
	tests = append(tests, utest{"absolute link", "json://" + abslink, true})

	config.StartConfig.Rootdir = "testdata"

	for _, test := range tests {
		u, err := url.Parse(test.rawurl)
		if err != nil {
		_, err = JsonFac(u)
		if test.ok && err != nil {
			t.Error(test.desc, "should succeed:", err)
		if !test.ok && err == nil {
			t.Error(test.desc, "should fail")
Beispiel #27
func (s *storageSuite) TestTmpDirPermissions(c *gc.C) {
	// newSSHStorage will fail if it can't create or change the
	// permissions of the temporary directory.
	storageDir := c.MkDir()
	tmpdir := c.MkDir()
	os.Chmod(tmpdir, 0400)
	defer os.Chmod(tmpdir, 0755)
	_, err := newSSHStorage("", storageDir, filepath.Join(tmpdir, "subdir2"))
	c.Assert(err, gc.ErrorMatches, ".*install: cannot create directory.*Permission denied.*")
Beispiel #28
func TestHeartBeatAsLeaderErrorOnWrite(t *testing.T) {
	node := hbNode(t, 3)
	defer node.Close()

	// Set term to artificial higher value.
	newTerm := uint64(8)

	// Create fake node to elect the Leader.
	fake := fakeNode("fake")

	// Hook up to MockRPC layer
	defer mockUnregisterPeer(
	node.electTimer.Reset(1 * time.Millisecond)

	vreq := <-fake.VoteRequests

	// Send Fake VoteResponse to promote node to Leader
	node.VoteResponses <- &pb.VoteResponse{Term: vreq.Term, Granted: true}

	if state := waitForState(node, LEADER); state != LEADER {
		t.Fatalf("Expected Node to be in Leader state, got: %s", state)
	if curLeader := waitForLeader(node, node.Id()); curLeader != node.Id() {
		t.Fatalf("Expected us to be leader, got: %s\n", curLeader)
	if node.CurrentTerm() != vreq.Term {
		t.Fatalf("Expected CurrentTerm of %d, got: %d\n",
			vreq.Term, node.CurrentTerm())

	// Test persistent state
	testStateOfNode(t, node)

	// Change log permissions to cause error
	if err := os.Chmod(node.logPath, 0400); err != nil {
		t.Fatalf("Unable to change log permissions: %v", err)

	// Send an heartbeat with higher term, which should cause the current leader
	// to step down.
	sendAndWait(node, &pb.Heartbeat{Term: newTerm + 10, Leader: "other"})

	// Server should stepdown
	if state := waitForState(node, FOLLOWER); state != FOLLOWER {
		t.Fatalf("Expected Node to be in Follower state, got %s", state)

	// Reset the permission
	os.Chmod(node.logPath, 0660)
func (p *puller) handleEmptyBlock(b bqBlock) {
	f := b.file
	of := p.openFiles[f.Name]

	if b.last {
		if of.err == nil {

	if protocol.IsDeleted(f.Flags) {
		if debug {
			l.Debugf("pull: delete %q", f.Name)

		// Ensure the file and the directory it is in is writeable so we can remove the file
		dirName := filepath.Dir(of.filepath)
		os.Chmod(of.filepath, 0666)
		if dirName != p.repoCfg.Directory {
			os.Chmod(dirName, 0777)
		if p.versioner != nil {
			if debug {
				l.Debugln("pull: deleting with versioner")
			if err := p.versioner.Archive(p.repoCfg.Directory, of.filepath); err == nil {
				p.model.updateLocal(p.repoCfg.ID, f)
			} else if debug {
				l.Debugln("pull: error:", err)
		} else if err := os.Remove(of.filepath); err == nil || os.IsNotExist(err) {
			p.model.updateLocal(p.repoCfg.ID, f)
	} else {
		if debug {
			l.Debugf("pull: no blocks to fetch and nothing to copy for %q / %q", p.repoCfg.ID, f.Name)
		t := time.Unix(f.Modified, 0)
		if os.Chtimes(of.temp, t, t) != nil {
			delete(p.openFiles, f.Name)
		if !p.repoCfg.IgnorePerms && protocol.HasPermissionBits(f.Flags) && os.Chmod(of.temp, os.FileMode(f.Flags&0777)) != nil {
			delete(p.openFiles, f.Name)
		if osutil.Rename(of.temp, of.filepath) == nil {
			p.model.updateLocal(p.repoCfg.ID, f)
	delete(p.openFiles, f.Name)
Beispiel #30
func shipCircuit() string {
	tmpdir, err := MakeTempDir()
	if err != nil {
		Fatalf("Problem making packaging directory (%s)\n", err)

	// Copy worker binary over to shipping directory
	println("--Packaging worker", x.binary)
	binpkg := workerPkgPath()
	_, workerName := path.Split(binpkg)
	shipFile := path.Join(tmpdir, x.binary) // Destination binary location and name
	if _, err = CopyFile(path.Join(binpkg, workerName), shipFile); err != nil {
		Fatalf("Problem copying circuit worker binary (%s)\n", err)
	if err = os.Chmod(shipFile, 0755); err != nil {
		Fatalf("Problem chmod'ing circuit worker binary (%s)\n", err)

	// Copy command-line helper tools over to shipping directory
	for _, cpkg := range cmdPkg {
		println("--Packaging helper", cpkg)
		shipHelper := path.Join(tmpdir, cpkg)
		if _, err = CopyFile(path.Join(helperPkgPath(cpkg), cpkg), shipHelper); err != nil {
			Fatalf("Problem copying circuit helper binary (%s)\n", err)
		if err = os.Chmod(shipHelper, 0755); err != nil {
			Fatalf("Problem chmod'ing circuit helper binary (%s)\n", err)

	// Copy additional user commands to shipping directory
	for _, cmdpkg := range x.cmdPkgs {
		println("--Packaging command", cmdpkg)
		_, cmd := path.Split(cmdpkg)
		shipCommand := path.Join(tmpdir, cmd)
		if _, err = CopyFile(path.Join(cmdPkgPath(cmdpkg), cmd), shipCommand); err != nil {
			Fatalf("Problem copying command binary (%s)\n", err)
		if err = os.Chmod(shipCommand, 0755); err != nil {
			Fatalf("Problem chmod'ing command binary (%s)\n", err)

	// Place the zookeeper dynamic libraries in the shipment
	// Shipping Zookeeper is not necessary when static linking (currently enabled).
		println("--Packaging Zookeeper libraries")
		if err = ShellCopyFile(path.Join(x.zlib, "libzookeeper*"), tmpdir+"/"); err != nil {
			Fatalf("Problem copying Zookeeper library files (%s)\n", err)

	return tmpdir