Azure · D1v38om83r · Oct 23, 2019 · Oct 21, 2019 · Oct 22, 2019 · Oct 22, 2019
diff --git a/misc/custom-script-shim b/misc/custom-script-shim
@@ -54,22 +54,42 @@ check_binary_write_lock() {
     set +e # disable exit on non-zero return code
     local retry_attempts=0
     while (( retry_attempts < 10 )); do
-        lsof_output="$(lsof ${bin})"
-        if [ "$?" -eq 0 ]; then
-            echo "${HANDLER_BIN} is open by the following processes: "
-            echo "${lsof_output}"
+        lsof_result="$(lsof -F ac ${bin})"
+        lsof_return_code=$?
+        if [ "$lsof_return_code" -eq 0 ]; then
+            #"lsof -F" outputs results in more parse-able format, "-F ac" option prints access mode and command name for process
+            #access mode and command names are prepended with a and c
+            file_mode="$(echo "$lsof_result" | awk 'match($0, /^a(.*)$/) {print $0}')"
+            process_name="$(echo "$lsof_result" | awk 'match($0, /^c(.*)$/) {print substr($0, RSTART+1, RLENGTH-1)}')"
+
+            found_write_lock=0
+            file_mode_array=($file_mode)
+            i=0
+            for name in $process_name
+            do
+                file_handle_mode=${file_mode_array[$i]}
+                echo "$name has access mode '$file_handle_mode' file handle on ${HANDLER_BIN}"
+                ## w and u are file descriptor modes for write and read/write access
+                if [[ $file_handle_mode == "aw" ]] || [[ $file_handle_mode == "au" ]]; then
+                    found_write_lock=1
+                fi
+                ((++i))
+            done
+            if [ "$found_write_lock" -eq 0 ]; then
+                # did not find write lock on any file no need to wait or retry
+                break
+            fi
             ((++retry_attempts))
+            echo "waiting for process(es) with write handle on ${HANDLER_BIN}"
             echo "sleeping for 3 seconds before retry, attempt ${retry_attempts} of 10"
             sleep 3
         else
-            set -e
-            return 0 #Success path
+            break
         fi
     done
-    echo "Timed out waiting for lock on ${HANDLER_BIN}"
-    echo "File handle is still open by the following processes: "
-    echo "${lsof_output}"
-    exit 1
+    # do not return error if file descriptor is open after retries expire, make a best effort attempt to start custom-script-extension
+    set -e
+    return 0
 }
 
 if [ "$#" -ne 1 ]; then

diff --git a/misc/manifest.xml b/misc/manifest.xml
@@ -2,7 +2,7 @@
 <ExtensionImage xmlns="http://schemas.microsoft.com/windowsazure">
   <ProviderNameSpace>Microsoft.Azure.Extensions</ProviderNameSpace>
   <Type>CustomScript</Type>
-  <Version>2.1.1</Version>
+  <Version>2.1.2</Version>
   <Label>Microsoft Azure Custom Script Extension for Linux Virtual Machines</Label>
   <HostingResources>VmRole</HostingResources>
   <MediaLink></MediaLink>

diff --git a/pkg/download/blobwithmsitoken.go b/pkg/download/blobwithmsitoken.go
@@ -60,8 +60,8 @@ func GetMsiProviderForStorageAccountsImplicitly(blobUri string) MsiProvider {
 	return func() (msi.Msi, error) {
 		msi, err := msiProvider.GetMsiForResource(GetResourceNameFromBlobUri(blobUri))
 		if err != nil {
-			return msi, errors.Wrapf(err, "Unable to get managed identity. "+
-				"Please make sure that system assigned managed identity is enabled on the VM "+
+			return msi, fmt.Errorf("Unable to get managed identity. " +
+				"Please make sure that system assigned managed identity is enabled on the VM " +
 				"or user assigned identity is added to the system.")
 		}
 		return msi, nil
@@ -73,7 +73,7 @@ func GetMsiProviderForStorageAccountsWithClientId(blobUri, clientId string) MsiP
 	return func() (msi.Msi, error) {
 		msi, err := msiProvider.GetMsiUsingClientId(clientId, GetResourceNameFromBlobUri(blobUri))
 		if err != nil {
-			return msi, errors.Wrapf(err, "Unable to get managed identity with client id %s. "+
+			return msi, fmt.Errorf("Unable to get managed identity with client id %s. "+
 				"Please make sure that the user assigned managed identity is added to the VM ", clientId)
 		}
 		return msi, nil
@@ -85,7 +85,7 @@ func GetMsiProviderForStorageAccountsWithObjectId(blobUri, objectId string) MsiP
 	return func() (msi.Msi, error) {
 		msi, err := msiProvider.GetMsiUsingObjectId(objectId, GetResourceNameFromBlobUri(blobUri))
 		if err != nil {
-			return msi, errors.Wrapf(err, "Unable to get managed identity with object id %s. "+
+			return msi, fmt.Errorf("Unable to get managed identity with object id %s. "+
 				"Please make sure that the user assigned managed identity is added to the VM ", objectId)
 		}
 		return msi, nil