From 3922b3ac8c8bcf8c2701be0f5d9496cfa3981bbb Mon Sep 17 00:00:00 2001 From: Chris Date: Thu, 8 Mar 2018 08:19:56 -0600 Subject: fix sandbox cleanup (#8421) --- plugin/rpcplugin/sandbox/sandbox_linux.go | 49 ++++++++++++++++++------------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/plugin/rpcplugin/sandbox/sandbox_linux.go b/plugin/rpcplugin/sandbox/sandbox_linux.go index 4ade00cf2..beb00995d 100644 --- a/plugin/rpcplugin/sandbox/sandbox_linux.go +++ b/plugin/rpcplugin/sandbox/sandbox_linux.go @@ -23,7 +23,7 @@ import ( ) func init() { - if len(os.Args) < 3 || os.Args[0] != "sandbox.runProcess" { + if len(os.Args) < 4 || os.Args[0] != "sandbox.runProcess" { return } @@ -32,7 +32,7 @@ func init() { fmt.Println(err.Error()) os.Exit(1) } - if err := runProcess(&config, os.Args[2]); err != nil { + if err := runProcess(&config, os.Args[2], os.Args[3]); err != nil { if eerr, ok := err.(*exec.ExitError); ok { if status, ok := eerr.Sys().(syscall.WaitStatus); ok { os.Exit(status.ExitStatus()) @@ -98,13 +98,7 @@ func systemMountPoints() (points []*MountPoint) { return } -func runProcess(config *Configuration, path string) error { - root, err := ioutil.TempDir("", "") - if err != nil { - return err - } - defer os.RemoveAll(root) - +func runProcess(config *Configuration, path, root string) error { if err := syscall.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil { return errors.Wrapf(err, "unable to make root private") } @@ -330,9 +324,10 @@ func runExecutable(path string) error { type process struct { command *exec.Cmd + root string } -func newProcess(ctx context.Context, config *Configuration, path string) (rpcplugin.Process, io.ReadWriteCloser, error) { +func newProcess(ctx context.Context, config *Configuration, path string) (pOut rpcplugin.Process, rwcOut io.ReadWriteCloser, errOut error) { configJSON, err := json.Marshal(config) if err != nil { return nil, nil, err @@ -345,8 +340,18 @@ func newProcess(ctx context.Context, config *Configuration, path string) (rpcplu defer childFiles[0].Close() defer childFiles[1].Close() + root, err := ioutil.TempDir("", "") + if err != nil { + return nil, nil, err + } + defer func() { + if errOut != nil { + os.RemoveAll(root) + } + }() + cmd := exec.CommandContext(ctx, "/proc/self/exe") - cmd.Args = []string{"sandbox.runProcess", string(configJSON), path} + cmd.Args = []string{"sandbox.runProcess", string(configJSON), path, root} cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.ExtraFiles = childFiles @@ -378,19 +383,21 @@ func newProcess(ctx context.Context, config *Configuration, path string) (rpcplu return &process{ command: cmd, + root: root, }, ipc, nil } func (p *process) Wait() error { + defer os.RemoveAll(p.root) return p.command.Wait() } func init() { - if len(os.Args) < 1 || os.Args[0] != "sandbox.checkSupportInNamespace" { + if len(os.Args) < 2 || os.Args[0] != "sandbox.checkSupportInNamespace" { return } - if err := checkSupportInNamespace(); err != nil { + if err := checkSupportInNamespace(os.Args[1]); err != nil { fmt.Fprintf(os.Stderr, "%v", err.Error()) os.Exit(1) } @@ -398,13 +405,7 @@ func init() { os.Exit(0) } -func checkSupportInNamespace() error { - root, err := ioutil.TempDir("", "") - if err != nil { - return err - } - defer os.RemoveAll(root) - +func checkSupportInNamespace(root string) error { if err := syscall.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil { return errors.Wrapf(err, "unable to make root private") } @@ -444,8 +445,14 @@ func checkSupport() error { stderr := &bytes.Buffer{} + root, err := ioutil.TempDir("", "") + if err != nil { + return err + } + defer os.RemoveAll(root) + cmd := exec.Command("/proc/self/exe") - cmd.Args = []string{"sandbox.checkSupportInNamespace"} + cmd.Args = []string{"sandbox.checkSupportInNamespace", root} cmd.Stderr = stderr cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWPID | syscall.CLONE_NEWUSER, -- cgit v1.2.3-1-g7c22 From 22f2245a26a0414f2c4c79d3852a94504d474714 Mon Sep 17 00:00:00 2001 From: Harrison Healey Date: Fri, 9 Mar 2018 12:16:27 -0500 Subject: ICU-682 Stopped sending out of channel mention warnings for system messages (#8426) --- app/notification.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/notification.go b/app/notification.go index 8cb63fbaf..9a8096bbf 100644 --- a/app/notification.go +++ b/app/notification.go @@ -89,7 +89,7 @@ func (a *App) SendNotifications(post *model.Post, team *model.Team, channel *mod delete(mentionedUserIds, post.UserId) } - if len(m.OtherPotentialMentions) > 0 { + if len(m.OtherPotentialMentions) > 0 && !post.IsSystemMessage() { if result := <-a.Srv.Store.User().GetProfilesByUsernames(m.OtherPotentialMentions, team.Id); result.Err == nil { outOfChannelMentions := result.Data.([]*model.User) if channel.Type != model.CHANNEL_GROUP { -- cgit v1.2.3-1-g7c22 From 2b460da1d54944c5c16ef15e966843b00f06aa63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Espino?= Date: Mon, 12 Mar 2018 18:16:22 +0000 Subject: Fix saml users.json parameter (#8435) --- cmd/platform/user.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/platform/user.go b/cmd/platform/user.go index e2a8c9748..edbccb164 100644 --- a/cmd/platform/user.go +++ b/cmd/platform/user.go @@ -510,7 +510,7 @@ func migrateAuthToLdapCmdF(cmd *cobra.Command, args []string) error { } fromAuth := args[0] - matchField := args[1] + matchField := args[2] if len(fromAuth) == 0 || (fromAuth != "email" && fromAuth != "gitlab" && fromAuth != "saml") { return errors.New("Invalid from_auth argument") @@ -551,7 +551,7 @@ func migrateAuthToSamlCmdF(cmd *cobra.Command, args []string) error { matchesFile := "" matches := map[string]string{} if !autoFlag { - matchesFile = args[1] + matchesFile = args[2] file, e := ioutil.ReadFile(matchesFile) if e != nil { -- cgit v1.2.3-1-g7c22