| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add syslogging capabilities to nova-rootwrap, if you set parameter
use_syslog to True. You can specify a facility (syslog_log_facility)
and level (syslog_log_level) to use. Finalizes bp nova-rootwrap-options.
In doing so, it moves rootwrap config parsing to a nova.rootwrap.wrapper
object (and adds unit testing for it). It also improves log messages
content (including the name of the matching filter and the escalation
path used). Incidentally fixes bug 1084766.
Change-Id: Idb8cd9c9febd6263dafab4bc2bff817f00c53dc0
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds support for a configurable set of trusted directories to search
executables in (exec_dirs), which defaults to system PATH. If your
filter specifies an exec_path that doesn't start with '/', then it
will be searched in exec_dirs. Avoids having to write multiple
filters to care for distro differences. Fixes bug 1079723.
Also returns a specific error rather than try to run absent executables.
Change-Id: Idab03bb0be6832a75ffeed4e78d25d0543f5caf9
|
|
Move rootwrap filters definition from being defined within Nova
code to being defined in configuration files to facilitate pluging-in
new rootwrap commands.
Transition notes:
* nova-rootwrap now requires an additional (first) parameter pointing
to the root-owned rootwrap.conf file, sudoers needs to be updated
to specify that ("nova-rootwrap /etc/nova/rootwrap.conf *")
* Packagers should ship {compute,network,volume}.filters inside a
directory listed in rootwrap.conf rather than shipping
nova/rootwrap/{compute,network,volume}.py
* Filter definitions now only support strings. The KillFilter (which was
using arrays as parameters) was modified and the tests updated.
Implements bp nova-rootwrap-pluggable-filters
Corresponding devstack change needs to land first, so that tests pass:
https://review.openstack.org/8842
Change-Id: I2350154cd8057bd57926ed542de035626f7de37d
|