subuser-security / subuser

Run programs on linux with selectively restricted permissions.
http://subuser.org
GNU Lesser General Public License v3.0

Failing just because of git warning may be too restrictive #340

Open DEVoytas opened 6 years ago

DEVoytas commented 6 years ago

Git warning messages are written to stderr, which causes failure for what otherwise would be a successful operation.

For example:

$ git config --global init.templatedir "/tmp/non-existing" # this is non-harmful in general but causes failure
$ rm -rf ~/.subuser && subuser list available
warning: templates not found /tmp/non-existing
Traceback (most recent call last):
  File "/usr/local/bin/subuser", line 52, in <module>
    command(sys.argv[2:])
  File "/usr/local/lib/python3.5/dist-packages/subuserlib/builtInCommands/list.py", line 64, in runCommand
    reposToList = user.registry.repositories.keys()
  File "/usr/local/lib/python3.5/dist-packages/subuserlib/classes/user.py", line 70, in registry
    self.__registry.ensureGitRepoInitialized()
  File "/usr/local/lib/python3.5/dist-packages/subuserlib/classes/registry.py", line 62, in ensureGitRepoInitialized
    self.gitRepository.run(["init"])
  File "/usr/local/lib/python3.5/dist-packages/subuserlib/classes/gitRepository.py", line 60, in run
    returncode,_ = self.__run(args)
  File "/usr/local/lib/python3.5/dist-packages/subuserlib/classes/gitRepository.py", line 85, in __run
    raise GitException(stderr)
subuserlib.classes.gitRepository.GitException: warning: templates not found /tmp/non-existing

Consider failing the command only when it returns a non-zero value.

For example this change:

diff --git i/logic/subuserlib/classes/gitRepository.py w/logic/subuserlib/classes/gitRepository.py
index 22620c08d5ed..1e9f85c3708d 100755
--- i/logic/subuserlib/classes/gitRepository.py
+++ w/logic/subuserlib/classes/gitRepository.py
@@ -78,7 +78,7 @@ $ git config --global user.email johndoe@example.com
         self.user.registry.log(self.path+": "+" ".join(gitArgs),verbosityLevel=5)
         self.user.registry.log(stdout,verbosityLevel=5)
         self.user.registry.log(stderr,verbosityLevel=5)
-      if stderr and not eatStderr:
+      if stderr and not eatStderr and returncode != 0:
         raise GitException(stderr)
       return (returncode,stdout)
     except OSError as e:
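
Review bot: the changed condition `if stderr and not eatStderr and returncode != 0:` still requires non-empty stderr, so a git command that exits non-zero without writing anything to stderr falls through to `return (returncode,stdout)` without raising. The traceback in this report shows a caller doing `returncode,_ = self.__run(args)`, so it is worth confirming that every caller checks the returned code; otherwise consider making `returncode != 0` the failure signal on its own and passing stderr only as the exception message. It would also help to document what `eatStderr` means once the exit status decides failure, since with it set a non-zero exit is still not raised here.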

results in a successful operation (although the warning message is still there):

$ rm -rf ~/.subuser && subuser list available
Initial commit.
Cloning repository default from https://github.com/subuser-security/subuser-default-repository.git
Cloning into '/home/mawj/.subuser/repositories/default'...
warning: templates not found /tmp/non-existing
remote: Counting objects: 2673, done.
remote: Total 2673 (delta 0), reused 0 (delta 0), pack-reused 2673
Receiving objects: 100% (2673/2673), 335.32 KiB | 605.00 KiB/s, done.
Resolving deltas: 100% (1536/1536), done.
arduino@default
[...]
xtightvncviewer-base@default