From 3cda0000c736876737d9907c22533054e57bda91 Mon Sep 17 00:00:00 2001
From: Lars Erik Wik
Date: Fri, 1 Aug 2025 10:35:27 +0200
Subject: [PATCH 1/2] Fixed bug where files content promises skips remaining promises

Fixed a bug where a successful files content promise causes remaining files promise attribute handling to be skipped.
Ticket: CFE-4569
Changelog: Commit
Signed-off-by: Lars Erik Wik
---
 cf-agent/verify_files.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/cf-agent/verify_files.c b/cf-agent/verify_files.c
index a09bc875f8..748ac1e24d 100644
--- a/cf-agent/verify_files.c
+++ b/cf-agent/verify_files.c
@@ -619,8 +619,6 @@ static PromiseResult VerifyFilePromise(EvalContext *ctx, char *path, const Promi
 PromiseResult render_result = WriteContentFromString(ctx, path, &a, pp);
 result = PromiseResultUpdate(result, render_result);
-
- goto exit;
 }
 /* Phase 3b - content editing */
From 313724ea7167c0b6d15e77245450b06551ec8e0e Mon Sep 17 00:00:00 2001
From: Lars Erik Wik
Date: Mon, 4 Aug 2025 10:43:35 +0200
Subject: [PATCH 2/2] Test that fsattrs validation is not skipped with content attribute

Added acceptance test to test that fsattrs validation is not skipped when combining it with the content attribute.
Ticket: CFE-4569
Signed-off-by: Lars Erik Wik
---
 .../10_files/unsafe/13_immutable.cf | 75 +++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 tests/acceptance/10_files/unsafe/13_immutable.cf
diff --git a/tests/acceptance/10_files/unsafe/13_immutable.cf b/tests/acceptance/10_files/unsafe/13_immutable.cf
new file mode 100644
index 0000000000..a23715df19
--- /dev/null
+++ b/tests/acceptance/10_files/unsafe/13_immutable.cf
@@ -0,0 +1,75 @@
+##############################################################################
+#
+# Test that fsattrs validation is not skipped when combining it with the
+# content attribute (see CFE-4569).
+#
+##############################################################################
+
+body common control
+{
+ inputs => { "../../default.cf.sub" };
+ bundlesequence => { default("$(this.promise_filename)") };
+ version => "1.0";
+}
+
+bundle agent global
+{
+ vars:
+ "testfile"
+ string => "/tmp/13_immutable.txt";
+}
+
+body fsattrs immutable(value)
+{
+ immutable => "$(value)";
+}
+
+bundle agent init
+{
+ files:
+ "$(global.testfile)"
+ delete => tidy,
+ depends_on => { "testfile is not immutable" };
+
+ commands:
+ "chattr -i $(global.testfile)"
+ contain => in_shell,
+ if => fileexists("$(global.testfile)"),
+ handle => "testfile is not immutable";
+}
+
+bundle agent test
+{
+ meta:
+ "description" -> { "CFE-4569" }
+ string => "Test that fsattrs validation is not skipped when combining it with the content attribute";
+
+ "test_skip_unsupported"
+ string => "hpux|aix|solaris|windows";
+
+ files:
+ "$(global.testfile)"
+ content => "You can't touch this",
+ fsattrs => immutable("true");
+}
+
+bundle agent check
+{
+ methods:
+ "check"
+ usebundle => dcs_passif_output(".*Immutable.*", "", "lsattr -l $(global.testfile)", "$(this.promise_filename)");
+}
+
+bundle agent destroy
+{
+ files:
+ "$(global.testfile)"
+ delete => tidy,
+ depends_on => { "testfile is no longer immutable" };
+
+ commands:
+ "chattr -i $(global.testfile)"
+ contain => in_shell,
+ if => fileexists("$(global.testfile)"),
+ handle => "testfile is no longer immutable";
+}
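Review bot: The test pins its target to the fixed path `/tmp/13_immutable.txt` in bundle `global`, and the `init`, `test` and `destroy` bundles then run `chattr -i`, write content, set the immutable flag and delete at that path, presumably as root since the test lives under `unsafe/`. A predictable name in a world-writable directory means a file or link left there by another local user, or by a concurrent test run, can change what those privileged operations act on. Consider placing the file in the harness's per-run directory instead, e.g. `string => "$(G.testdir)/13_immutable.txt";` (assuming `default.cf.sub` exposes `G.testdir` as it does for other acceptance tests, and that the filesystem there supports the immutable flag). Separately, `check` only matches `.*Immutable.*` in the `lsattr -l` output; also asserting the file content would catch the opposite regression, where the flag is applied but the `content` attribute is not.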