author | Tim Smith <tsmith@chef.io> | 2017-09-06 12:51:07 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-06 12:51:07 -0700 |
commit | 294742ef45336b97cafc1742c6adfd1d6657c710 (patch) | |
tree | 9a9e3bf7a1dd98101868d1b418b3f7479faea681 /lib | |
parent | 38f8845fda94c6640ab905ef84f182db38c5f51f (diff) | |
parent | 518b27b7b22468d0ebde0b9370e113d31c8ccf2a (diff) | |
download | chef-294742ef45336b97cafc1742c6adfd1d6657c710.tar.gz |
Merge pull request #6353 from mikedodge04/launchd2
Launchd should not load launchagents as root.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/provider/launchd.rb | 20 | ||||
-rw-r--r-- | lib/chef/provider/service/macosx.rb | 7 |
2 files changed, 24 insertions, 3 deletions
diff --git a/lib/chef/provider/launchd.rb b/lib/chef/provider/launchd.rb
index 9c368c2b48..8281410d42 100644
--- a/lib/chef/provider/launchd.rb
+++ b/lib/chef/provider/launchd.rb
@@ -90,6 +90,7 @@ class Chef
 end
 def manage_plist(action)
+ return unless manage_agent?(action)
 if source
 res = cookbook_file_resource
 else
@@ -101,11 +102,30 @@ class Chef
 end
 def manage_service(action)
+ return unless manage_agent?(action)
 res = service_resource
 res.run_action(action)
 new_resource.updated_by_last_action(true) if res.updated?
 end
+ def manage_agent?(action)
+ # Gets UID of console_user and converts to string.
+ console_user = Etc.getpwuid(::File.stat("/dev/console").uid).name
+ root = console_user == "root"
+ agent = type == "agent"
+ invalid_action = [:delete, :disable, :enable, :restart].include?(action)
+ lltstype = ""
+ if new_resource.limit_load_to_session_type
+ lltstype = new_resource.limit_load_to_session_type
+ end
+ invalid_type = lltstype != "LoginWindow"
+ if root && agent && invalid_action && invalid_type
+ Chef::Log.debug("#{label}: Aqua LaunchAgents shouldn't be loaded as root")
+ return false
+ end
+ true
+ end
+
 def service_resource
 res = Chef::Resource::MacosxService.new(label, run_context)
 res.name(label) if label
diff --git a/lib/chef/provider/service/macosx.rb b/lib/chef/provider/service/macosx.rb
index 4056b72649..9dc7b81a29 100644
--- a/lib/chef/provider/service/macosx.rb
+++ b/lib/chef/provider/service/macosx.rb
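Review bot: The new guard at the top of `manage_plist` also short-circuits `:delete`, because `manage_agent?` lists `:delete` among the actions it refuses when the console owner is root. Removing a plist file does not load anything into a session, so skipping it leaves an agent definition on disk that was meant to be removed and that would presumably be picked up at the next user login. Consider keeping the guard on `manage_service` only, or letting deletion through here, e.g. `return unless action == :delete || manage_agent?(action)`. The rest of `manage_plist` is outside the hunk, so which actions actually reach it should be confirmed.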
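Review bot: `manage_agent?` stats /dev/console and resolves the owner through `Etc.getpwuid` before it knows whether the resource is an agent at all, so every launchd resource, daemons included, now depends on that lookup succeeding; a failure there would abort the resource rather than skip a check that did not apply. Doing the cheap checks first and the lookup last keeps the same result and confines the dependency to the one case that needs it. The skip is also logged only at debug level, so a run can report success while the requested enable or restart never happened; `Chef::Log.warn` would make that visible. A reordered version is below.

```ruby
def manage_agent?(action)
  # Only Aqua LaunchAgents on a load-affecting action can be refused,
  # so rule out everything else before touching /dev/console.
  return true unless type == "agent"
  return true unless [:delete, :disable, :enable, :restart].include?(action)
  return true if new_resource.limit_load_to_session_type == "LoginWindow"

  # Owner of /dev/console is the user sitting at the GUI session.
  console_user = Etc.getpwuid(::File.stat("/dev/console").uid).name
  return true unless console_user == "root"

  Chef::Log.warn("#{label}: Aqua LaunchAgents shouldn't be loaded as root")
  false
end
```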
@@ -52,17 +52,18 @@ class Chef
 @plist_size = 0
 @plist = @new_resource.plist ? @new_resource.plist : find_service_plist
 @service_label = find_service_label
- # LauchAgents should be loaded as the console user.
+ # LaunchAgents should be loaded as the console user.
 @console_user = @plist ? @plist.include?("LaunchAgents") : false
 @session_type = @new_resource.session_type
 if @console_user
- @console_user = Etc.getlogin
+ @console_user = Etc.getpwuid(::File.stat("/dev/console").uid).name
 Chef::Log.debug("#{new_resource} console_user: '#{@console_user}'")
 cmd = "su "
 param = this_version_or_newer?("10.10") ? "" : "-l "
+ param = "-l " if this_version_or_newer?("10.12")
 @base_user_cmd = cmd + param + "#{@console_user} -c"
- # Default LauchAgent session should be Aqua
+ # Default LaunchAgent session should be Aqua
 @session_type = "Aqua" if @session_type.nil?
 end |
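Review bot: When the owner of /dev/console is root (the case the launchd.rb change in this commit tests for), the new lookup sets `@console_user` to "root" and `@base_user_cmd` becomes `su -l root -c` or `su root -c`, so a LaunchAgent plist managed through this provider directly would still be loaded as root. The guard added in launchd.rb covers only the launchd provider, so consider handling the case here as well, for example by logging and skipping the per-user command when `@console_user == "root"`. Separately, the account name is interpolated unquoted into the command string; `Shellwords.escape(@console_user)` would keep an unusual name from changing the command. How `@base_user_cmd` is executed is outside this hunk.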