From 2e7dfc229ab285f24e3974cd91568c628e14bcd8 Mon Sep 17 00:00:00 2001
From: Edmund Haselwanter
Date: Thu, 5 Jun 2014 10:15:06 +0200
Subject: [PATCH 1/3] serverspec has a contract on running commands remote. this fixes the local execution and adds a conditional context depending on the presence of the nx flag
---
 default/serverspec/sysctl_spec.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/default/serverspec/sysctl_spec.rb b/default/serverspec/sysctl_spec.rb
index 03af49e..96152d3 100644
--- a/default/serverspec/sysctl_spec.rb
+++ b/default/serverspec/sysctl_spec.rb
@@ -173,11 +173,16 @@
 end
 describe 'ExecShield' do
- %x( cat /proc/cpuinfo | egrep "^flags" | grep -q ' nx ' )
- if $CHILD_STATUS.exitstatus != 0
+ if command('cat /proc/cpuinfo').return_stdout?(/^flags.*?: .*? nx .*?$/)
 context linux_kernel_parameter('kernel.exec-shield') do
 its(:value) { should eq 1 }
 end
+ else
+ context 'No nx flag detected' do
+ it 'no kernel.exec-shield required' do
+ true
+ end
+ end
 end
 context linux_kernel_parameter('kernel.randomize_va_space') do
From 9ae49f3b6be9aef6af3af32127bfd495c036b042 Mon Sep 17 00:00:00 2001
From: Edmund Haselwanter
Date: Thu, 5 Jun 2014 10:42:23 +0200
Subject: [PATCH 2/3] fix regexp to match nx at the beginning and at the end of the flags
---
 default/serverspec/sysctl_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/default/serverspec/sysctl_spec.rb b/default/serverspec/sysctl_spec.rb
index 96152d3..630c0c0 100644
--- a/default/serverspec/sysctl_spec.rb
+++ b/default/serverspec/sysctl_spec.rb
@@ -173,7 +173,7 @@
 end
 describe 'ExecShield' do
- if command('cat /proc/cpuinfo').return_stdout?(/^flags.*?: .*? nx .*?$/)
+ if command('cat /proc/cpuinfo').return_stdout?(/^flags.*?:.*? nx( .*?)?$/)
 context linux_kernel_parameter('kernel.exec-shield') do
 its(:value) { should eq 1 }
 end
From 8d8d8b8389dfb74de3cb7d1e28eb1aa5505f9c58 Mon Sep 17 00:00:00 2001
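Review bot: In PATCH 1/3 the new guard `if command('cat /proc/cpuinfo').return_stdout?(...)` has the opposite sense to the code it replaces: the removed lines ran the `kernel.exec-shield` check when the grep for ` nx ` exited non-zero (flag not found), and the new line runs it when the flag is found. The commit message describes only the move to `command` and the added `else`, so it should say whether the inversion is intended, since it changes which hosts are held to `kernel.exec-shield = 1`. Separately, the `else` example only evaluates `true`, so a host without the flag (and presumably one where the command prints nothing) reports the control as passed; a block-less example such as `it 'kernel.exec-shield not checked: nx flag not found in /proc/cpuinfo'` would be reported as pending instead. The `describe 'ExecShield'` block continues past the end of the hunk.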
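Review bot: The pattern on the changed `if` line in PATCH 2/3 is on its second revision in this series and still has no comment saying what it must match; a line above it such as `# true when a /proc/cpuinfo "flags" line lists nx as a separate, space-delimited entry (first, middle or last)` would pin the intent. The lazy `.*?` quantifiers do not change the outcome when the match is only tested for success, so `/^flags\s*:(.* )?nx( |$)/` would be a tighter way to express it. The `describe 'ExecShield'` block starts inside the hunk and ends outside it.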
From: Edmund Haselwanter
Date: Thu, 5 Jun 2014 10:42:43 +0200
Subject: [PATCH 3/3] fix trailing space
---
 default/serverspec/sysctl_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/default/serverspec/sysctl_spec.rb b/default/serverspec/sysctl_spec.rb
index 630c0c0..05ff436 100644
--- a/default/serverspec/sysctl_spec.rb
+++ b/default/serverspec/sysctl_spec.rb
@@ -179,7 +179,7 @@
 end
 else
 context 'No nx flag detected' do
- it 'no kernel.exec-shield required' do
+ it 'no kernel.exec-shield required' do
 true
 end
 end