Browse Source

Remove 'ln' command from rootwrap filter

Remove 'ln' command from rootwrap filter and oslo.privsep.

Change-Id: I78307620d4dd350656c3350aace2069c9929e850
Signed-off-by: Chuck Short <chucks@redhat.com>
changes/45/611645/3
Chuck Short 3 years ago
parent
commit
07180623f5
  1. 5
      cinder/backup/drivers/tsm.py
  2. 7
      cinder/privsep/path.py
  3. 6
      cinder/tests/unit/backup/drivers/test_backup_tsm.py
  4. 6
      cinder/tests/unit/volume/drivers/test_veritas_cnfs.py
  5. 3
      cinder/volume/drivers/veritas_cnfs.py
  6. 3
      etc/cinder/rootwrap.d/volume.filters

5
cinder/backup/drivers/tsm.py

@ -37,6 +37,7 @@ from cinder.backup import driver
from cinder import exception
from cinder.i18n import _
from cinder import interface
import cinder.privsep.path
from cinder import utils
LOG = logging.getLogger(__name__)
@ -108,9 +109,7 @@ def _make_link(volume_path, backup_path, vol_id):
"""
try:
utils.execute('ln', volume_path, backup_path,
run_as_root=True,
check_exit_code=True)
cinder.privsep.path.symlink(volume_path, backup_path)
except processutils.ProcessExecutionError as exc:
err = (_('backup: %(vol_id)s failed to create device hardlink '
'from %(vpath)s to %(bpath)s.\n'

7
cinder/privsep/path.py

@ -45,3 +45,10 @@ def touch(path):
os.utime(path, None)
else:
open(path, 'a').close()
@cinder.privsep.sys_admin_pctxt.entrypoint
def symlink(src, dest):
if not os.path.exists(src):
raise exception.FileNotFound(file_path=src)
os.symlink(src, dest)

6
cinder/tests/unit/backup/drivers/test_backup_tsm.py

@ -265,7 +265,8 @@ class BackupTSMTestCase(test.TestCase):
return db.backup_create(self.ctxt, backup)['id']
@mock.patch.object(tsm.os, 'stat', fake_stat_image)
def test_backup_image(self):
@mock.patch('cinder.privsep.path.symlink')
def test_backup_image(self, mock_symlink):
volume_id = fake.VOLUME_ID
mode = 'image'
self._create_volume_db_entry(volume_id)
@ -299,7 +300,8 @@ class BackupTSMTestCase(test.TestCase):
self.driver.delete_backup(backup1)
@mock.patch.object(tsm.os, 'stat', fake_stat_file)
def test_backup_file(self):
@mock.patch('cinder.privsep.path.symlink')
def test_backup_file(self, mock_symlink):
volume_id = fake.VOLUME_ID
mode = 'file'
self._create_volume_db_entry(volume_id)

6
cinder/tests/unit/volume/drivers/test_veritas_cnfs.py

@ -98,13 +98,15 @@ class VeritasCNFSDriverTestCase(test.TestCase):
volume = fake_volume.fake_volume_obj(self.context,
provider_location=self._loc)
snapshot = fake_volume.fake_volume_obj(self.context)
with mock.patch.object(drv, '_execute'):
with mock.patch('cinder.privsep.path.symlink'):
m_exists.return_value = True
drv._do_clone_volume(volume, volume.name, snapshot)
@mock.patch.object(cnfs.VeritasCNFSDriver, '_get_local_volume_path')
@mock.patch.object(os.path, 'exists')
def test_do_clone_volume_fail(self, m_exists, m_get_local_volume_path):
@mock.patch('cinder.privsep.path.symlink')
def test_do_clone_volume_fail(
self, m_symlink, m_exists, m_get_local_volume_path):
"""test _do_clone_volume() when filesnap over nfs is supported"""
drv = self.driver
volume = fake_volume.fake_volume_obj(self.context)

3
cinder/volume/drivers/veritas_cnfs.py

@ -21,6 +21,7 @@ from oslo_utils import excutils
from cinder import exception
from cinder.i18n import _
from cinder import interface
import cinder.privsep.path
from cinder.volume.drivers import nfs
LOG = logging.getLogger(__name__)
@ -155,7 +156,7 @@ class VeritasCNFSDriver(nfs.NfsDriver):
tgt_vol_path = self._get_local_volume_path(cnfs_share, tgt_vol_name)
src_vol_path = self._get_local_volume_path(cnfs_share, src_vol_name)
tgt_vol_path_spl = tgt_vol_path + "::snap:vxfs:"
self._execute('ln', src_vol_path, tgt_vol_path_spl, run_as_root=True)
cinder.privsep.path.symlink(src_vol_path, tgt_vol_path_spl)
LOG.debug("VeritasNFSDriver: do_clone_volume %(src_vol_path)s "
"%(tgt_vol_path)s %(tgt_vol_path_spl)s",
{'src_vol_path': src_vol_path,

3
etc/cinder/rootwrap.d/volume.filters

@ -93,9 +93,6 @@ ionice_2: ChainingRegExpFilter, ionice, root, ionice, -c[0-3]
# cinder/volume/utils.py: setup_blkio_cgroup()
cgexec: ChainingRegExpFilter, cgexec, root, cgexec, -g, blkio:\S+
# cinder/volume/driver.py
ln: CommandFilter, ln, root
# cinder/image/image_utils.py
qemu-img: EnvFilter, env, root, LC_ALL=C, qemu-img
qemu-img_convert: CommandFilter, qemu-img, root

Loading…
Cancel
Save