Commit ec4d17ef authored by Kirk Webb's avatar Kirk Webb

Enforce appropriate taint modes for os_load command and virtnode hosts.

If a user tries to os_load a virtnode who's physnode is not tainted,
skip (deny) it.  Also add a second safety check in Node->OSSelect to
enforce node tainting.
parent 394b68e1
......@@ -3123,6 +3123,14 @@ sub OSSelect($$$$)
}
$osinfo = $nextosinfo;
}
# Make sure the node is tainted if the OS selected is tainted.
if (defined($osinfo) && $osinfo->IsTainted()) {
if ($self->InheritTaintStates($osinfo) != 0) {
print STDERR "Could not inherit taint states from $osinfo\n";
return -1;
}
}
if (defined($osinfo) && !defined($field)) {
print STDERR "No field specified for OSSelect on $nodeid\n";
......
......@@ -483,6 +483,11 @@ sub osload ($$) {
my $osid = $rowref->{$partname};
my $vers = $rowref->{$partvers};
if (defined($osid)) {
my $osinfo = OSinfo->Lookup($osid, $vers);
if (!defined($osinfo)) {
tberror "No OSinfo found for osid $osid!\n";
goto failednode;
}
my %part = (
'node_id' => $node,
'partition' => $i,
......
......@@ -2103,6 +2103,11 @@ sub UpdatePartitions($$)
my $osid = $rowref->{$partname};
if (defined($osid)) {
my $osinfo = OSinfo->Lookup($osid, $vers);
if (!defined($osinfo)) {
tberror "No OSinfo found for osid $osid!\n";
return -1;
}
my %part = (
'node_id' => $node_id,
'partition' => $i,
......
......@@ -330,6 +330,12 @@ foreach my $node ( @nodes ) {
print "*** reload($nodeid): subOS $osinfo cannot run on parent node $parent running $posinfo, skipping!\n";
$failed = 1;
}
elsif (($osinfo->IsTainted(TB_TAINTSTATE_USERONLY) ||
$osinfo->IsTainted(TB_TAINTSTATE_BLACKBOX))
&& !$parent->IsTainted(TB_TAINTSTATE_BLACKBOX)) {
print "*** reload($nodeid): subOS $osinfo is tainted, but parent node $parent is not, skipping!\n";
$failed = 1;
}
}
}
else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment