From 07180623f5557d4a128e0909498e12c7d117cc4b Mon Sep 17 00:00:00 2001 From: Chuck Short Date: Thu, 18 Oct 2018 11:01:28 -0400 Subject: [PATCH] Remove 'ln' command from rootwrap filter Remove 'ln' command from rootwrap filter and oslo.privsep. Change-Id: I78307620d4dd350656c3350aace2069c9929e850 Signed-off-by: Chuck Short --- cinder/backup/drivers/tsm.py | 5 ++--- cinder/privsep/path.py | 7 +++++++ cinder/tests/unit/backup/drivers/test_backup_tsm.py | 6 ++++-- cinder/tests/unit/volume/drivers/test_veritas_cnfs.py | 6 ++++-- cinder/volume/drivers/veritas_cnfs.py | 3 ++- etc/cinder/rootwrap.d/volume.filters | 3 --- 6 files changed, 19 insertions(+), 11 deletions(-) diff --git a/cinder/backup/drivers/tsm.py b/cinder/backup/drivers/tsm.py index ab2e1e82b7c..ab598bf4d81 100644 --- a/cinder/backup/drivers/tsm.py +++ b/cinder/backup/drivers/tsm.py @@ -37,6 +37,7 @@ from cinder.backup import driver from cinder import exception from cinder.i18n import _ from cinder import interface +import cinder.privsep.path from cinder import utils LOG = logging.getLogger(__name__) @@ -108,9 +109,7 @@ def _make_link(volume_path, backup_path, vol_id): """ try: - utils.execute('ln', volume_path, backup_path, - run_as_root=True, - check_exit_code=True) + cinder.privsep.path.symlink(volume_path, backup_path) except processutils.ProcessExecutionError as exc: err = (_('backup: %(vol_id)s failed to create device hardlink ' 'from %(vpath)s to %(bpath)s.\n' diff --git a/cinder/privsep/path.py b/cinder/privsep/path.py index b2caf27b86a..8ab98e54cb2 100644 --- a/cinder/privsep/path.py +++ b/cinder/privsep/path.py @@ -45,3 +45,10 @@ def touch(path): os.utime(path, None) else: open(path, 'a').close() + + +@cinder.privsep.sys_admin_pctxt.entrypoint +def symlink(src, dest): + if not os.path.exists(src): + raise exception.FileNotFound(file_path=src) + os.symlink(src, dest) diff --git a/cinder/tests/unit/backup/drivers/test_backup_tsm.py b/cinder/tests/unit/backup/drivers/test_backup_tsm.py index 3ae39cc5ccc..777308102df 100644 --- a/cinder/tests/unit/backup/drivers/test_backup_tsm.py +++ b/cinder/tests/unit/backup/drivers/test_backup_tsm.py @@ -265,7 +265,8 @@ class BackupTSMTestCase(test.TestCase): return db.backup_create(self.ctxt, backup)['id'] @mock.patch.object(tsm.os, 'stat', fake_stat_image) - def test_backup_image(self): + @mock.patch('cinder.privsep.path.symlink') + def test_backup_image(self, mock_symlink): volume_id = fake.VOLUME_ID mode = 'image' self._create_volume_db_entry(volume_id) @@ -299,7 +300,8 @@ class BackupTSMTestCase(test.TestCase): self.driver.delete_backup(backup1) @mock.patch.object(tsm.os, 'stat', fake_stat_file) - def test_backup_file(self): + @mock.patch('cinder.privsep.path.symlink') + def test_backup_file(self, mock_symlink): volume_id = fake.VOLUME_ID mode = 'file' self._create_volume_db_entry(volume_id) diff --git a/cinder/tests/unit/volume/drivers/test_veritas_cnfs.py b/cinder/tests/unit/volume/drivers/test_veritas_cnfs.py index 2d5dc0ebce5..cefd7e15262 100644 --- a/cinder/tests/unit/volume/drivers/test_veritas_cnfs.py +++ b/cinder/tests/unit/volume/drivers/test_veritas_cnfs.py @@ -98,13 +98,15 @@ class VeritasCNFSDriverTestCase(test.TestCase): volume = fake_volume.fake_volume_obj(self.context, provider_location=self._loc) snapshot = fake_volume.fake_volume_obj(self.context) - with mock.patch.object(drv, '_execute'): + with mock.patch('cinder.privsep.path.symlink'): m_exists.return_value = True drv._do_clone_volume(volume, volume.name, snapshot) @mock.patch.object(cnfs.VeritasCNFSDriver, '_get_local_volume_path') @mock.patch.object(os.path, 'exists') - def test_do_clone_volume_fail(self, m_exists, m_get_local_volume_path): + @mock.patch('cinder.privsep.path.symlink') + def test_do_clone_volume_fail( + self, m_symlink, m_exists, m_get_local_volume_path): """test _do_clone_volume() when filesnap over nfs is supported""" drv = self.driver volume = fake_volume.fake_volume_obj(self.context) diff --git a/cinder/volume/drivers/veritas_cnfs.py b/cinder/volume/drivers/veritas_cnfs.py index f22873d29f7..72697bb2c28 100644 --- a/cinder/volume/drivers/veritas_cnfs.py +++ b/cinder/volume/drivers/veritas_cnfs.py @@ -21,6 +21,7 @@ from oslo_utils import excutils from cinder import exception from cinder.i18n import _ from cinder import interface +import cinder.privsep.path from cinder.volume.drivers import nfs LOG = logging.getLogger(__name__) @@ -155,7 +156,7 @@ class VeritasCNFSDriver(nfs.NfsDriver): tgt_vol_path = self._get_local_volume_path(cnfs_share, tgt_vol_name) src_vol_path = self._get_local_volume_path(cnfs_share, src_vol_name) tgt_vol_path_spl = tgt_vol_path + "::snap:vxfs:" - self._execute('ln', src_vol_path, tgt_vol_path_spl, run_as_root=True) + cinder.privsep.path.symlink(src_vol_path, tgt_vol_path_spl) LOG.debug("VeritasNFSDriver: do_clone_volume %(src_vol_path)s " "%(tgt_vol_path)s %(tgt_vol_path_spl)s", {'src_vol_path': src_vol_path, diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters index 13b3b702878..562ececc3e7 100644 --- a/etc/cinder/rootwrap.d/volume.filters +++ b/etc/cinder/rootwrap.d/volume.filters @@ -93,9 +93,6 @@ ionice_2: ChainingRegExpFilter, ionice, root, ionice, -c[0-3] # cinder/volume/utils.py: setup_blkio_cgroup() cgexec: ChainingRegExpFilter, cgexec, root, cgexec, -g, blkio:\S+ -# cinder/volume/driver.py -ln: CommandFilter, ln, root - # cinder/image/image_utils.py qemu-img: EnvFilter, env, root, LC_ALL=C, qemu-img qemu-img_convert: CommandFilter, qemu-img, root