Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-3687

error: CfReadFile: Error while reading file when syntax checking promises.cf as unprivledged user

    XMLWordPrintable

    Details

      Description

      Performing a syntax check on promises.cf as an unprivledged user results in errors.

      exec 2>&1
      # Validate syntax on the primary policy entries
      cf-promises -cf ./var/cfengine/masterfiles/promises.cf
      cf-promises -cf ./var/cfengine/masterfiles/update.cf
      # Validate Augments (JSON)
      python -m json.tool < ./var/cfengine/masterfiles/def.json
      :
      
         error: CfReadFile: Error while reading file '/sys/devices/virtual/dmi/id/product_serial' (Permission denied)
         error: CfReadFile: Error while reading file '/sys/devices/virtual/dmi/id/product_serial' (Permission denied)
         error: CfReadFile: Error while reading file '/sys/devices/virtual/dmi/id/product_uuid' (Permission denied)
         error: CfReadFile: Error while reading file '/sys/devices/virtual/dmi/id/product_uuid' (Permission denied)
         error: CfReadFile: Error while reading file '/sys/devices/virtual/dmi/id/product_serial' (Permission denied)
         error: CfReadFile: Error while reading file '/sys/devices/virtual/dmi/id/product_serial' (Permission denied)
         error: CfReadFile: Error while reading file '/sys/devices/virtual/dmi/id/product_uuid' (Permission denied)
         error: CfReadFile: Error while reading file '/sys/devices/virtual/dmi/id/product_uuid' (Permission denied)
      {
          "classes": {
              "mpf_augments_control_enabled": [
                  "any::"
              ]
          },
          "vars": {
              "acl": [
                  "0.0.0.0/0"
              ],
              "default_data_select_host_monitoring_include": [
                  ".*"
              ],
              "default_data_select_policy_hub_monitoring_include": [
                  "mem_.*",
                  "cpu_.*"
              ]
          }
      }
      

      Perhaps we can guard against reading of files that we don't have read access to.

        Attachments

          Activity

            People

            • Assignee:
              a10042 Nick Anderson
              Reporter:
              a10042 Nick Anderson
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                Summary Panel