|
|
@ -215,6 +215,44 @@ def make_containers(name_prefix='', port_offset=0):
|
|
|
|
return lst
|
|
|
|
return lst
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
INTERESTING_COMMS = ('python', 'ssh', 'sudo', 'su', 'doas')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def proc_is_docker(pid):
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
fp = open('/proc/%s/cgroup' % (pid,), 'rb')
|
|
|
|
|
|
|
|
except IOError:
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
return 'docker' in fp.read()
|
|
|
|
|
|
|
|
finally:
|
|
|
|
|
|
|
|
fp.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_interesting_procs(container_name=None):
|
|
|
|
|
|
|
|
args = ['ps', '-a', '-x', '-oppid=', '-opid=', '-ocomm=', '-ocommand=']
|
|
|
|
|
|
|
|
if container_name is not None:
|
|
|
|
|
|
|
|
args = ['docker', 'exec', container_name] + args
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
out = []
|
|
|
|
|
|
|
|
for line in subprocess__check_output(args).splitlines():
|
|
|
|
|
|
|
|
ppid, pid, comm, rest = line.split(None, 3)
|
|
|
|
|
|
|
|
if (
|
|
|
|
|
|
|
|
(
|
|
|
|
|
|
|
|
any(comm.startswith(s) for s in INTERESTING_COMMS) or
|
|
|
|
|
|
|
|
'mitogen:' in rest
|
|
|
|
|
|
|
|
) and
|
|
|
|
|
|
|
|
(
|
|
|
|
|
|
|
|
container_name is not None or
|
|
|
|
|
|
|
|
(not proc_is_docker(pid))
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
):
|
|
|
|
|
|
|
|
out.append((int(pid), line))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return sorted(out)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def start_containers(containers):
|
|
|
|
def start_containers(containers):
|
|
|
|
if os.environ.get('KEEP'):
|
|
|
|
if os.environ.get('KEEP'):
|
|
|
|
return
|
|
|
|
return
|
|
|
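Review bot: `proc_is_docker` opens the cgroup file with `'rb'` and then evaluates `'docker' in fp.read()`, which raises TypeError on Python 3 because a str is tested against bytes. Either open it in text mode (`fp = open('/proc/%s/cgroup' % (pid,), 'r')`) or compare with `b'docker'`. The same mismatch would hit `comm.startswith(s)` and `'mitogen:' in rest` in `get_interesting_procs` if `subprocess__check_output` returns bytes; its definition is outside the hunk, so this needs confirming. Separately, matching with `startswith` makes the `'su'` entry cover every command beginning with those letters (for example `supervisord`), so unrelated processes can be reported as strays; an exact comparison such as `comm in INTERESTING_COMMS` for the short names would be tighter. It would also help to add a short docstring to `get_interesting_procs` saying that it returns sorted `(pid, ps_line)` tuples and that host-side results exclude processes whose cgroup mentions docker.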
@ -236,9 +274,44 @@ def start_containers(containers):
|
|
|
|
]
|
|
|
|
]
|
|
|
|
for container in containers
|
|
|
|
for container in containers
|
|
|
|
])
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for container in containers:
|
|
|
|
|
|
|
|
container['interesting'] = get_interesting_procs(container['name'])
|
|
|
|
|
|
|
|
|
|
|
|
return containers
|
|
|
|
return containers
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def verify_procs(hostname, old, new):
|
|
|
|
|
|
|
|
oldpids = set(pid for pid, _ in old)
|
|
|
|
|
|
|
|
if any(pid not in oldpids for pid, _ in new):
|
|
|
|
|
|
|
|
print('%r had stray processes running:' % (hostname,))
|
|
|
|
|
|
|
|
for pid, line in new:
|
|
|
|
|
|
|
|
if pid not in oldpids:
|
|
|
|
|
|
|
|
print('New process:', line)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
print()
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def check_stray_processes(old, containers=None):
|
|
|
|
|
|
|
|
ok = True
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
new = get_interesting_procs()
|
|
|
|
|
|
|
|
if old is not None:
|
|
|
|
|
|
|
|
ok &= verify_procs('test host machine', old, new)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for container in containers or ():
|
|
|
|
|
|
|
|
ok &= verify_procs(
|
|
|
|
|
|
|
|
container['name'],
|
|
|
|
|
|
|
|
container['interesting'],
|
|
|
|
|
|
|
|
get_interesting_procs(container['name'])
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert ok, 'stray processes were found'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def dump_file(path):
|
|
|
|
def dump_file(path):
|
|
|
|
print()
|
|
|
|
print()
|
|
|
|
print('--- %s ---' % (path,))
|
|
|
|
print('--- %s ---' % (path,))
|
|
|
|
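Review bot: `check_stray_processes` reads `container['interesting']`, but `start_containers` only sets that key after the `if os.environ.get('KEEP'): return` early exit shown in the previous hunk. A KEEP run that later passes its containers here would therefore fail with KeyError instead of a stray-process report; callers are not visible in the hunk, so this is inferred. Reading the baseline with `container.get('interesting')` and skipping the comparison when it is None would mirror the existing `if old is not None` guard for the host. The final `assert ok, 'stray processes were found'` is stripped under `python -O`, so the check silently disappears there; `if not ok: raise AssertionError('stray processes were found')` keeps the same exception type without relying on assert. Note also that `verify_procs` compares pids only, so a new process that reuses a pid from the baseline snapshot would not be reported.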