Revert "Remove truncate from rootwrap filters"

This reverts commit a62c9dfdd4.

This did not account for cases where truncate is
called w/o elevated privileges.

Related-Bug: #1818504
Change-Id: I3cb85be854e68fda525cfebe254ce7c85d8e3d37
This commit is contained in:
Eric Harney 2019-03-06 10:07:16 -05:00
parent f5a733c084
commit ade7d89c2e
11 changed files with 38 additions and 45 deletions

View File

@ -27,8 +27,3 @@ import cinder.privsep
@cinder.privsep.sys_admin_pctxt.entrypoint
def umount(mountpoint):
processutils.execute('umount', mountpoint, attempts=1, delay_on_retry=True)
@cinder.privsep.sys_admin_pctxt.entrypoint
def truncate(size, path):
processutils.execute('truncate', '-s', size, path)

View File

@ -141,22 +141,22 @@ class TestNexentaNfsDriver(test.TestCase):
self.nef_mock.get.return_value = {}
self.drv.delete_volume(self.TEST_VOLUME)
self.nef_mock.delete.assert_called_with(
'storage/pools/pool/filesystems/share%2Fvolume-'
+ fake.VOLUME_ID + '?snapshots=true')
'storage/pools/pool/filesystems/share%2Fvolume-' +
fake.VOLUME_ID + '?snapshots=true')
def test_create_snapshot(self):
self._create_volume_db_entry()
self.drv.create_snapshot(self.TEST_SNAPSHOT)
url = ('storage/pools/pool/filesystems/share%2Fvolume-'
+ fake.VOLUME_ID + '/snapshots')
url = ('storage/pools/pool/filesystems/share%2Fvolume-' +
fake.VOLUME_ID + '/snapshots')
data = {'name': self.TEST_SNAPSHOT['name']}
self.nef_mock.post.assert_called_with(url, data)
def test_delete_snapshot(self):
self._create_volume_db_entry()
self.drv.delete_snapshot(self.TEST_SNAPSHOT)
url = ('storage/pools/pool/filesystems/share%2Fvolume-'
+ fake.VOLUME_ID + '/snapshots/snapshot1')
url = ('storage/pools/pool/filesystems/share%2Fvolume-' +
fake.VOLUME_ID + '/snapshots/snapshot1')
self.drv.delete_snapshot(self.TEST_SNAPSHOT)
self.nef_mock.delete.assert_called_with(url)
@ -185,15 +185,18 @@ class TestNexentaNfsDriver(test.TestCase):
@patch('cinder.volume.drivers.nexenta.ns5.nfs.'
'NexentaNfsDriver.local_path')
@patch('cinder.privsep.fs.truncate')
def test_extend_volume_sparsed(self, mock_truncate, path):
@patch('oslo_concurrency.processutils.execute')
def test_extend_volume_sparsed(self, _execute, path):
self._create_volume_db_entry()
path.return_value = 'path'
self.drv.extend_volume(self.TEST_VOLUME, 2)
mock_truncate.assert_called_once_with(
'2G', 'path')
_execute.assert_called_with(
'truncate', '-s', '2G',
'path',
root_helper='sudo cinder-rootwrap /etc/cinder/rootwrap.conf',
run_as_root=True)
@patch('cinder.volume.drivers.nexenta.ns5.nfs.'
'NexentaNfsDriver.local_path')

View File

@ -648,8 +648,7 @@ class GPFSDriverTestCase(test.TestCase):
fake_fs_release = org_fake_fs_release
@mock.patch('cinder.utils.execute')
@mock.patch('cinder.privsep.fs.truncate')
def test_create_sparse_file(self, mock_truncate, mock_exec):
def test_create_sparse_file(self, mock_exec):
self.driver._create_sparse_file('', 100)
@mock.patch('cinder.utils.execute')

View File

@ -27,7 +27,6 @@ from oslo_utils import units
from cinder import context
from cinder import exception
from cinder.image import image_utils
import cinder.privsep.fs as privsep
from cinder import test
from cinder.tests.unit import fake_snapshot
from cinder.tests.unit import fake_volume
@ -58,10 +57,10 @@ class RemoteFsDriverTestCase(test.TestCase):
self._execute = mock_exc.start()
self.addCleanup(mock_exc.stop)
@mock.patch('cinder.privsep.fs.truncate')
def test_create_sparsed_file(self, mock_truncate):
def test_create_sparsed_file(self):
self._driver._create_sparsed_file('/path', 1)
mock_truncate.assert_called_with('1G', '/path')
self._execute.assert_called_once_with('truncate', '-s', '1G',
'/path', run_as_root=True)
def test_create_regular_file(self):
self._driver._create_regular_file('/path', 1)
@ -1276,7 +1275,6 @@ class NfsDriverTestCase(test.TestCase):
self.mock_object(drv, '_create_regular_file')
self.mock_object(drv, '_set_rw_permissions')
self.mock_object(drv, '_read_file')
self.mock_object(privsep, 'truncate')
ret = drv.create_volume_from_snapshot(new_volume, fake_snap)

View File

@ -50,8 +50,8 @@ class RemoteFsSnapDriverTestCase(test.TestCase):
self._fake_volume_path = os.path.join(self._FAKE_MNT_POINT,
self._fake_volume.name)
self._fake_snapshot = fake_snapshot.fake_snapshot_obj(self.context)
self._fake_snapshot_path = (self._fake_volume_path + '.'
+ self._fake_snapshot.id)
self._fake_snapshot_path = (self._fake_volume_path + '.' +
self._fake_snapshot.id)
self._fake_snapshot.volume = self._fake_volume
@ddt.data({'current_state': 'in-use',
@ -718,9 +718,7 @@ class RemoteFsSnapDriverTestCase(test.TestCase):
@mock.patch('json.dump')
@mock.patch('cinder.volume.drivers.remotefs.open')
@mock.patch('os.path.exists')
@mock.patch('cinder.privsep.fs.truncate')
def test_write_info_file(self,
mock_truncate,
mock_os_path_exists,
mock_open,
mock_json_dump,
@ -743,8 +741,9 @@ class RemoteFsSnapDriverTestCase(test.TestCase):
self._driver._execute.assert_not_called()
self._driver._set_rw_permissions.assert_not_called()
else:
mock_truncate.assert_called_once_with(
0, fake_info_path)
self._driver._execute.assert_called_once_with(
'truncate', "-s0", fake_info_path,
run_as_root=self._driver._execute_as_root)
self._driver._set_rw_permissions.assert_called_once_with(
fake_info_path)
@ -869,8 +868,8 @@ class RevertToSnapshotMixinTestCase(test.TestCase):
self._fake_volume_path = os.path.join(self._FAKE_MNT_POINT,
self._fake_volume.name)
self._fake_snapshot = fake_snapshot.fake_snapshot_obj(self.context)
self._fake_snapshot_path = (self._fake_volume_path + '.'
+ self._fake_snapshot.id)
self._fake_snapshot_path = (self._fake_volume_path + '.' +
self._fake_snapshot.id)
self._fake_snapshot_name = os.path.basename(
self._fake_snapshot_path)
self._fake_snapshot.volume = self._fake_volume

View File

@ -162,9 +162,8 @@ class VeritasCNFSDriverTestCase(test.TestCase):
@mock.patch.object(cnfs.VeritasCNFSDriver, '_do_clone_volume')
@mock.patch.object(cnfs.VeritasCNFSDriver, 'local_path')
@mock.patch('cinder.privsep.fs.truncate')
def test_create_volume_from_snapshot_greater_size(
self, mock_truncate, m_local_path, m_do_clone_volume):
def test_create_volume_from_snapshot_greater_size(self, m_local_path,
m_do_clone_volume):
"""test create volume from snapshot with greater volume size"""
drv = self.driver
volume = fake_volume.fake_volume_obj(self.context)

View File

@ -34,7 +34,6 @@ from cinder.i18n import _
from cinder.image import image_utils
from cinder import interface
from cinder.objects import fields
import cinder.privsep.fs
from cinder import utils
from cinder.volume import configuration
from cinder.volume import driver
@ -489,7 +488,7 @@ class GPFSDriver(driver.CloneableImageVD,
"""Creates file with 0 disk usage."""
sizestr = _sizestr(size)
cinder.privsep.fs.truncate(sizestr, path)
self.gpfs_execute('truncate', '-s', sizestr, path)
def _allocate_file_blocks(self, path, size):
"""Preallocate file blocks by writing zeros."""

View File

@ -24,7 +24,6 @@ from cinder import db
from cinder import exception
from cinder.i18n import _
from cinder import interface
import cinder.privsep.fs
from cinder.volume.drivers.nexenta.ns5 import jsonrpc
from cinder.volume.drivers.nexenta import options
from cinder.volume.drivers.nexenta import utils
@ -242,12 +241,13 @@ class NexentaNfsDriver(nfs.NfsDriver):
LOG.info('Extending volume: %(id)s New size: %(size)s GB',
{'id': volume['id'], 'size': new_size})
if self.sparsed_volumes:
cinder.privsep.fs.truncate('%sG' % new_size,
self.local_path(volume))
self._execute('truncate', '-s', '%sG' % new_size,
self.local_path(volume),
run_as_root=self._execute_as_root)
else:
block_size_mb = 1
block_count = ((new_size - volume['size']) * units.Gi
// (block_size_mb * units.Mi))
block_count = ((new_size - volume['size']) * units.Gi //
(block_size_mb * units.Mi))
self._execute(
'dd', 'if=/dev/zero',
'seek=%d' % (volume['size'] * units.Gi / block_size_mb),

View File

@ -38,7 +38,6 @@ from cinder import exception
from cinder.i18n import _
from cinder.image import image_utils
from cinder.objects import fields
import cinder.privsep.fs
from cinder import utils
from cinder.volume import configuration
from cinder.volume import driver
@ -380,7 +379,8 @@ class RemoteFSDriver(driver.BaseVD):
def _create_sparsed_file(self, path, size):
"""Creates a sparse file of a given size in GiB."""
cinder.privsep.fs.truncate('%sG' % size, path)
self._execute('truncate', '-s', '%sG' % size,
path, run_as_root=self._execute_as_root)
def _create_regular_file(self, path, size):
"""Creates a regular file of given size in GiB."""
@ -753,7 +753,8 @@ class RemoteFSSnapDriverBase(RemoteFSDriver):
if not (os.path.exists(info_path) or os.name == 'nt'):
# We're not managing file permissions on Windows.
# Plus, 'truncate' is not available.
cinder.privsep.fs.truncate(0, info_path)
self._execute('truncate', "-s0", info_path,
run_as_root=self._execute_as_root)
self._set_rw_permissions(info_path)
with open(info_path, 'w') as f:

View File

@ -21,7 +21,6 @@ from oslo_utils import excutils
from cinder import exception
from cinder.i18n import _
from cinder import interface
import cinder.privsep.fs
import cinder.privsep.path
from cinder.volume.drivers import nfs
@ -173,7 +172,7 @@ class VeritasCNFSDriver(nfs.NfsDriver):
def extend_volume(self, volume, size):
"""Extend the volume to new size"""
path = self.local_path(volume)
cinder.privsep.fs.truncate('%sG' % size, path)
self._execute('truncate', '-s', '%sG' % size, path, run_as_root=True)
LOG.debug("VeritasNFSDriver: extend_volume volume_id = %s", volume.id)
def _update_volume_stats(self):

View File

@ -86,6 +86,7 @@ stat: CommandFilter, stat, root
mount: CommandFilter, mount, root
df: CommandFilter, df, root
du: CommandFilter, du, root
truncate: CommandFilter, truncate, root
chmod: CommandFilter, chmod, root
rm: CommandFilter, rm, root