author | Thierry Carrez <thierry@openstack.org> | 2012-02-29 16:22:42 +0100 |
---|---|---|
committer | Thierry Carrez <thierry@openstack.org> | 2012-03-01 10:35:41 +0100 |
commit | 73dfd4ea0d369cb1b88a4f66eb55f3587993b83a (patch) | |
tree | aa45f3f5a8530bc32b08cd303e7f95e023a389be | |
parent | ea201522d440c90e91e299910596c459fd3731cd (diff) | |
download | nova-73dfd4ea0d369cb1b88a4f66eb55f3587993b83a.tar.gz |
Add missing filters for new root commands
Add missing rootwrap filters for 'ovs-ofctl', 'cp' and 'mkfs'.
Do not run 'rm' as root since it's unnecessary.
Add documentation to try to prevent future misses.
Fixes bug 943293.
Change-Id: Ia680048a28a75f661a136d8447ff0aaf195649ba
-rwxr-xr-x | nova/rootwrap/compute.py | 9 | ||||
-rwxr-xr-x | nova/rootwrap/network.py | 3 | ||||
-rw-r--r-- | nova/utils.py | 2 | ||||
-rw-r--r-- | nova/virt/disk/api.py | 4 |
4 files changed, 16 insertions, 2 deletions
diff --git a/nova/rootwrap/compute.py b/nova/rootwrap/compute.py
index 65e6dfebbd..445e797d4f 100755
--- a/nova/rootwrap/compute.py
+++ b/nova/rootwrap/compute.py
@@ -73,6 +73,9 @@ filterlist = [
 # nova/virt/disk/api.py: 'chmod', 755, netdir
 filters.CommandFilter("/bin/chmod", "root"),
+ # nova/virt/disk/api.py: 'cp', os.path.join(fs...
+ filters.CommandFilter("/bin/cp", "root"),
+
 # nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
 # nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
 # nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
@@ -102,6 +105,9 @@ filterlist = [
 # nova/network/linux_net.py: 'ovs-vsctl', ....
 filters.CommandFilter("/usr/bin/ovs-vsctl", "root"),
+ # nova/network/linux_net.py: 'ovs-ofctl', ....
+ filters.CommandFilter("/usr/bin/ovs-ofctl", "root"),
+
 # nova/virt/libvirt/connection.py: 'dd', "if=%s" % virsh_output, ...
 filters.CommandFilter("/bin/dd", "root"),
@@ -169,6 +175,9 @@ filterlist = [
 # nova/virt/xenapi/vm_utils.py: 'mkswap'
 filters.CommandFilter("/sbin/mkswap", "root"),
+ # nova/virt/xenapi/vm_utils.py: 'mkfs'
+ filters.CommandFilter("/sbin/mkfs", "root"),
+
 # nova/virt/libvirt/connection.py:
 filters.ReadFileFilter("/etc/iscsi/initiatorname.iscsi"),
 ]
diff --git a/nova/rootwrap/network.py b/nova/rootwrap/network.py
index f9fd9b9c33..62fec18e49 100755
--- a/nova/rootwrap/network.py
+++ b/nova/rootwrap/network.py
@@ -83,4 +83,7 @@ filterlist = [
 # nova/network/linux_net.py: 'ovs-vsctl', ....
 filters.CommandFilter("/usr/bin/ovs-vsctl", "root"),
+
+ # nova/network/linux_net.py: 'ovs-ofctl', ....
+ filters.CommandFilter("/usr/bin/ovs-ofctl", "root"),
 ]
diff --git a/nova/utils.py b/nova/utils.py
index df008c0902..a224b38784 100644
--- a/nova/utils.py
+++ b/nova/utils.py
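Review bot: The new `filters.CommandFilter("/bin/cp", "root")` entry in nova/rootwrap/compute.py matches on the executable only and places no constraint on arguments, so every `cp` invocation the nova user can issue through rootwrap runs as root, including one that overwrites arbitrary host files. The same applies to the `/sbin/mkfs` entry in the third hunk and to the `/usr/bin/ovs-ofctl` entries in the second hunk and in nova/rootwrap/network.py. Where the call sites have a fixed argument shape, an argument-matching filter (RegExpFilter in nova.rootwrap.filters, if this tree has it) would narrow the grant; at minimum each entry should carry a comment such as `# WARNING: matches any arguments; this grants unrestricted root cp`. The `filterlist` definitions start and end outside these hunks, so existing entries with the same shape are not all visible here.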
@@ -164,6 +164,8 @@ def fetchfile(url, target):
 def execute(*cmd, **kwargs):
 """
 Helper method to execute command with optional retry.
+ If you add a run_as_root=True command, don't forget to add the
+ corresponding filter to nova.rootwrap !
 :cmd Passed to subprocess.Popen.
 :process_input Send to opened process.
diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py
index 42ad683a66..8fdc59b803 100644
--- a/nova/virt/disk/api.py
+++ b/nova/virt/disk/api.py
@@ -373,10 +373,10 @@ def _inject_admin_password_into_fs(admin_passwd, fs, execute=None):
 _set_passwd(admin_user, admin_passwd, tmp_passwd, tmp_shadow)
 utils.execute('cp', tmp_passwd, os.path.join(fs, 'etc', 'passwd'), run_as_root=True)
- utils.execute('rm', tmp_passwd, run_as_root=True)
+ os.unlink(tmp_passwd)
 utils.execute('cp', tmp_shadow, os.path.join(fs, 'etc', 'shadow'), run_as_root=True)
- utils.execute('rm', tmp_shadow, run_as_root=True)
+ os.unlink(tmp_shadow)
 def _set_passwd(username, admin_passwd, passwd_file, shadow_file): |
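Review bot: The reminder added to the `execute` docstring in nova/utils.py points at `nova.rootwrap` as a whole, while this same commit had to add the `ovs-ofctl` filter to both compute.py and network.py. Naming the per-node filter lists would make the instruction actionable, for example `corresponding filter to each nova.rootwrap filter list (compute.py, network.py, ...) whose node runs it.` Nothing visible in this hunk enforces the rule, so a unit test that compares run_as_root call sites against the filter lists would catch the next miss before it ships. The docstring continues outside the hunk.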
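Review bot: In nova/virt/disk/api.py the two `os.unlink` calls are reached only when the preceding root `cp` returns, so if either `utils.execute` raises, the temporary passwd and shadow copies stay on disk, and the shadow copy presumably holds password hashes. Wrapping the copies in `try`/`finally` as below removes both files on every path. Separately, the root `cp` writes to `os.path.join(fs, 'etc', ...)`; if `fs` is a mounted guest image, which the function name suggests but the hunk does not show, a symlink at those paths would redirect the write outside `fs`, so the destination should be resolved and confirmed to stay under `fs` before copying. `_inject_admin_password_into_fs` starts before this hunk, so how the temporary files are created is not visible.

```python
    # … unchanged: _set_passwd(admin_user, admin_passwd, tmp_passwd, tmp_shadow) …
    try:
        utils.execute('cp', tmp_passwd, os.path.join(fs, 'etc', 'passwd'),
                      run_as_root=True)
        utils.execute('cp', tmp_shadow, os.path.join(fs, 'etc', 'shadow'),
                      run_as_root=True)
    finally:
        # Remove both temporary copies even when a cp fails.
        os.unlink(tmp_passwd)
        os.unlink(tmp_shadow)
```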