Revert "Remove truncate from rootwrap filters"
This reverts commit a62c9dfdd4.
This did not account for cases where truncate is
called w/o elevated privileges.
Related-Bug: #1818504
Change-Id: I3cb85be854e68fda525cfebe254ce7c85d8e3d37
parent
f5a733c084
commit
ade7d89c2e
@ -27,8 +27,3 @@ import cinder.privsep
|
|||||||
@cinder.privsep.sys_admin_pctxt.entrypoint
|
@cinder.privsep.sys_admin_pctxt.entrypoint
|
||||||
def umount(mountpoint):
|
def umount(mountpoint):
|
||||||
processutils.execute('umount', mountpoint, attempts=1, delay_on_retry=True)
|
processutils.execute('umount', mountpoint, attempts=1, delay_on_retry=True)
|
||||||
|
|
||||||
|
|
||||||
@cinder.privsep.sys_admin_pctxt.entrypoint
|
|
||||||
def truncate(size, path):
|
|
||||||
processutils.execute('truncate', '-s', size, path)
|
|
||||||
|
@ -141,22 +141,22 @@ class TestNexentaNfsDriver(test.TestCase):
|
|||||||
self.nef_mock.get.return_value = {}
|
self.nef_mock.get.return_value = {}
|
||||||
self.drv.delete_volume(self.TEST_VOLUME)
|
self.drv.delete_volume(self.TEST_VOLUME)
|
||||||
self.nef_mock.delete.assert_called_with(
|
self.nef_mock.delete.assert_called_with(
|
||||||
'storage/pools/pool/filesystems/share%2Fvolume-'
|
'storage/pools/pool/filesystems/share%2Fvolume-' +
|
||||||
+ fake.VOLUME_ID + '?snapshots=true')
|
fake.VOLUME_ID + '?snapshots=true')
|
||||||
|
|
||||||
def test_create_snapshot(self):
|
def test_create_snapshot(self):
|
||||||
self._create_volume_db_entry()
|
self._create_volume_db_entry()
|
||||||
self.drv.create_snapshot(self.TEST_SNAPSHOT)
|
self.drv.create_snapshot(self.TEST_SNAPSHOT)
|
||||||
url = ('storage/pools/pool/filesystems/share%2Fvolume-'
|
url = ('storage/pools/pool/filesystems/share%2Fvolume-' +
|
||||||
+ fake.VOLUME_ID + '/snapshots')
|
fake.VOLUME_ID + '/snapshots')
|
||||||
data = {'name': self.TEST_SNAPSHOT['name']}
|
data = {'name': self.TEST_SNAPSHOT['name']}
|
||||||
self.nef_mock.post.assert_called_with(url, data)
|
self.nef_mock.post.assert_called_with(url, data)
|
||||||
|
|
||||||
def test_delete_snapshot(self):
|
def test_delete_snapshot(self):
|
||||||
self._create_volume_db_entry()
|
self._create_volume_db_entry()
|
||||||
self.drv.delete_snapshot(self.TEST_SNAPSHOT)
|
self.drv.delete_snapshot(self.TEST_SNAPSHOT)
|
||||||
url = ('storage/pools/pool/filesystems/share%2Fvolume-'
|
url = ('storage/pools/pool/filesystems/share%2Fvolume-' +
|
||||||
+ fake.VOLUME_ID + '/snapshots/snapshot1')
|
fake.VOLUME_ID + '/snapshots/snapshot1')
|
||||||
self.drv.delete_snapshot(self.TEST_SNAPSHOT)
|
self.drv.delete_snapshot(self.TEST_SNAPSHOT)
|
||||||
self.nef_mock.delete.assert_called_with(url)
|
self.nef_mock.delete.assert_called_with(url)
|
||||||
|
|
||||||
@ -185,15 +185,18 @@ class TestNexentaNfsDriver(test.TestCase):
|
|||||||
|
|
||||||
@patch('cinder.volume.drivers.nexenta.ns5.nfs.'
|
@patch('cinder.volume.drivers.nexenta.ns5.nfs.'
|
||||||
'NexentaNfsDriver.local_path')
|
'NexentaNfsDriver.local_path')
|
||||||
@patch('cinder.privsep.fs.truncate')
|
@patch('oslo_concurrency.processutils.execute')
|
||||||
def test_extend_volume_sparsed(self, mock_truncate, path):
|
def test_extend_volume_sparsed(self, _execute, path):
|
||||||
self._create_volume_db_entry()
|
self._create_volume_db_entry()
|
||||||
path.return_value = 'path'
|
path.return_value = 'path'
|
||||||
|
|
||||||
self.drv.extend_volume(self.TEST_VOLUME, 2)
|
self.drv.extend_volume(self.TEST_VOLUME, 2)
|
||||||
|
|
||||||
mock_truncate.assert_called_once_with(
|
_execute.assert_called_with(
|
||||||
'2G', 'path')
|
'truncate', '-s', '2G',
|
||||||
|
'path',
|
||||||
|
root_helper='sudo cinder-rootwrap /etc/cinder/rootwrap.conf',
|
||||||
|
run_as_root=True)
|
||||||
|
|
||||||
@patch('cinder.volume.drivers.nexenta.ns5.nfs.'
|
@patch('cinder.volume.drivers.nexenta.ns5.nfs.'
|
||||||
'NexentaNfsDriver.local_path')
|
'NexentaNfsDriver.local_path')
|
||||||
|
@ -648,8 +648,7 @@ class GPFSDriverTestCase(test.TestCase):
|
|||||||
fake_fs_release = org_fake_fs_release
|
fake_fs_release = org_fake_fs_release
|
||||||
|
|
||||||
@mock.patch('cinder.utils.execute')
|
@mock.patch('cinder.utils.execute')
|
||||||
@mock.patch('cinder.privsep.fs.truncate')
|
def test_create_sparse_file(self, mock_exec):
|
||||||
def test_create_sparse_file(self, mock_truncate, mock_exec):
|
|
||||||
self.driver._create_sparse_file('', 100)
|
self.driver._create_sparse_file('', 100)
|
||||||
|
|
||||||
@mock.patch('cinder.utils.execute')
|
@mock.patch('cinder.utils.execute')
|
||||||
|
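Review bot: `test_create_sparse_file` calls `self.driver._create_sparse_file('', 100)` and, as far as this hunk shows, never inspects `mock_exec`, so the test passes no matter how truncate is invoked. Since the reverted commit was backed out over the privilege level at which truncate runs, the restored test should pin that call. An assertion such as `self.assertEqual(('truncate', '-s'), mock_exec.call_args[0][:2])` would at least fix the command. This assumes `gpfs_execute` forwards its positional arguments unchanged to `cinder.utils.execute`; the helper is not visible here, so confirm that and which keyword arguments it adds.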
@ -27,7 +27,6 @@ from oslo_utils import units
|
|||||||
from cinder import context
|
from cinder import context
|
||||||
from cinder import exception
|
from cinder import exception
|
||||||
from cinder.image import image_utils
|
from cinder.image import image_utils
|
||||||
import cinder.privsep.fs as privsep
|
|
||||||
from cinder import test
|
from cinder import test
|
||||||
from cinder.tests.unit import fake_snapshot
|
from cinder.tests.unit import fake_snapshot
|
||||||
from cinder.tests.unit import fake_volume
|
from cinder.tests.unit import fake_volume
|
||||||
@ -58,10 +57,10 @@ class RemoteFsDriverTestCase(test.TestCase):
|
|||||||
self._execute = mock_exc.start()
|
self._execute = mock_exc.start()
|
||||||
self.addCleanup(mock_exc.stop)
|
self.addCleanup(mock_exc.stop)
|
||||||
|
|
||||||
@mock.patch('cinder.privsep.fs.truncate')
|
def test_create_sparsed_file(self):
|
||||||
def test_create_sparsed_file(self, mock_truncate):
|
|
||||||
self._driver._create_sparsed_file('/path', 1)
|
self._driver._create_sparsed_file('/path', 1)
|
||||||
mock_truncate.assert_called_with('1G', '/path')
|
self._execute.assert_called_once_with('truncate', '-s', '1G',
|
||||||
|
'/path', run_as_root=True)
|
||||||
|
|
||||||
def test_create_regular_file(self):
|
def test_create_regular_file(self):
|
||||||
self._driver._create_regular_file('/path', 1)
|
self._driver._create_regular_file('/path', 1)
|
||||||
@ -1276,7 +1275,6 @@ class NfsDriverTestCase(test.TestCase):
|
|||||||
self.mock_object(drv, '_create_regular_file')
|
self.mock_object(drv, '_create_regular_file')
|
||||||
self.mock_object(drv, '_set_rw_permissions')
|
self.mock_object(drv, '_set_rw_permissions')
|
||||||
self.mock_object(drv, '_read_file')
|
self.mock_object(drv, '_read_file')
|
||||||
self.mock_object(privsep, 'truncate')
|
|
||||||
|
|
||||||
ret = drv.create_volume_from_snapshot(new_volume, fake_snap)
|
ret = drv.create_volume_from_snapshot(new_volume, fake_snap)
|
||||||
|
|
||||||
|
@ -50,8 +50,8 @@ class RemoteFsSnapDriverTestCase(test.TestCase):
|
|||||||
self._fake_volume_path = os.path.join(self._FAKE_MNT_POINT,
|
self._fake_volume_path = os.path.join(self._FAKE_MNT_POINT,
|
||||||
self._fake_volume.name)
|
self._fake_volume.name)
|
||||||
self._fake_snapshot = fake_snapshot.fake_snapshot_obj(self.context)
|
self._fake_snapshot = fake_snapshot.fake_snapshot_obj(self.context)
|
||||||
self._fake_snapshot_path = (self._fake_volume_path + '.'
|
self._fake_snapshot_path = (self._fake_volume_path + '.' +
|
||||||
+ self._fake_snapshot.id)
|
self._fake_snapshot.id)
|
||||||
self._fake_snapshot.volume = self._fake_volume
|
self._fake_snapshot.volume = self._fake_volume
|
||||||
|
|
||||||
@ddt.data({'current_state': 'in-use',
|
@ddt.data({'current_state': 'in-use',
|
||||||
@ -718,9 +718,7 @@ class RemoteFsSnapDriverTestCase(test.TestCase):
|
|||||||
@mock.patch('json.dump')
|
@mock.patch('json.dump')
|
||||||
@mock.patch('cinder.volume.drivers.remotefs.open')
|
@mock.patch('cinder.volume.drivers.remotefs.open')
|
||||||
@mock.patch('os.path.exists')
|
@mock.patch('os.path.exists')
|
||||||
@mock.patch('cinder.privsep.fs.truncate')
|
|
||||||
def test_write_info_file(self,
|
def test_write_info_file(self,
|
||||||
mock_truncate,
|
|
||||||
mock_os_path_exists,
|
mock_os_path_exists,
|
||||||
mock_open,
|
mock_open,
|
||||||
mock_json_dump,
|
mock_json_dump,
|
||||||
@ -743,8 +741,9 @@ class RemoteFsSnapDriverTestCase(test.TestCase):
|
|||||||
self._driver._execute.assert_not_called()
|
self._driver._execute.assert_not_called()
|
||||||
self._driver._set_rw_permissions.assert_not_called()
|
self._driver._set_rw_permissions.assert_not_called()
|
||||||
else:
|
else:
|
||||||
mock_truncate.assert_called_once_with(
|
self._driver._execute.assert_called_once_with(
|
||||||
0, fake_info_path)
|
'truncate', "-s0", fake_info_path,
|
||||||
|
run_as_root=self._driver._execute_as_root)
|
||||||
self._driver._set_rw_permissions.assert_called_once_with(
|
self._driver._set_rw_permissions.assert_called_once_with(
|
||||||
fake_info_path)
|
fake_info_path)
|
||||||
|
|
||||||
@ -869,8 +868,8 @@ class RevertToSnapshotMixinTestCase(test.TestCase):
|
|||||||
self._fake_volume_path = os.path.join(self._FAKE_MNT_POINT,
|
self._fake_volume_path = os.path.join(self._FAKE_MNT_POINT,
|
||||||
self._fake_volume.name)
|
self._fake_volume.name)
|
||||||
self._fake_snapshot = fake_snapshot.fake_snapshot_obj(self.context)
|
self._fake_snapshot = fake_snapshot.fake_snapshot_obj(self.context)
|
||||||
self._fake_snapshot_path = (self._fake_volume_path + '.'
|
self._fake_snapshot_path = (self._fake_volume_path + '.' +
|
||||||
+ self._fake_snapshot.id)
|
self._fake_snapshot.id)
|
||||||
self._fake_snapshot_name = os.path.basename(
|
self._fake_snapshot_name = os.path.basename(
|
||||||
self._fake_snapshot_path)
|
self._fake_snapshot_path)
|
||||||
self._fake_snapshot.volume = self._fake_volume
|
self._fake_snapshot.volume = self._fake_volume
|
||||||
|
@ -162,9 +162,8 @@ class VeritasCNFSDriverTestCase(test.TestCase):
|
|||||||
|
|
||||||
@mock.patch.object(cnfs.VeritasCNFSDriver, '_do_clone_volume')
|
@mock.patch.object(cnfs.VeritasCNFSDriver, '_do_clone_volume')
|
||||||
@mock.patch.object(cnfs.VeritasCNFSDriver, 'local_path')
|
@mock.patch.object(cnfs.VeritasCNFSDriver, 'local_path')
|
||||||
@mock.patch('cinder.privsep.fs.truncate')
|
def test_create_volume_from_snapshot_greater_size(self, m_local_path,
|
||||||
def test_create_volume_from_snapshot_greater_size(
|
m_do_clone_volume):
|
||||||
self, mock_truncate, m_local_path, m_do_clone_volume):
|
|
||||||
"""test create volume from snapshot with greater volume size"""
|
"""test create volume from snapshot with greater volume size"""
|
||||||
drv = self.driver
|
drv = self.driver
|
||||||
volume = fake_volume.fake_volume_obj(self.context)
|
volume = fake_volume.fake_volume_obj(self.context)
|
||||||
|
@ -34,7 +34,6 @@ from cinder.i18n import _
|
|||||||
from cinder.image import image_utils
|
from cinder.image import image_utils
|
||||||
from cinder import interface
|
from cinder import interface
|
||||||
from cinder.objects import fields
|
from cinder.objects import fields
|
||||||
import cinder.privsep.fs
|
|
||||||
from cinder import utils
|
from cinder import utils
|
||||||
from cinder.volume import configuration
|
from cinder.volume import configuration
|
||||||
from cinder.volume import driver
|
from cinder.volume import driver
|
||||||
@ -489,7 +488,7 @@ class GPFSDriver(driver.CloneableImageVD,
|
|||||||
"""Creates file with 0 disk usage."""
|
"""Creates file with 0 disk usage."""
|
||||||
|
|
||||||
sizestr = _sizestr(size)
|
sizestr = _sizestr(size)
|
||||||
cinder.privsep.fs.truncate(sizestr, path)
|
self.gpfs_execute('truncate', '-s', sizestr, path)
|
||||||
|
|
||||||
def _allocate_file_blocks(self, path, size):
|
def _allocate_file_blocks(self, path, size):
|
||||||
"""Preallocate file blocks by writing zeros."""
|
"""Preallocate file blocks by writing zeros."""
|
||||||
|
@ -24,7 +24,6 @@ from cinder import db
|
|||||||
from cinder import exception
|
from cinder import exception
|
||||||
from cinder.i18n import _
|
from cinder.i18n import _
|
||||||
from cinder import interface
|
from cinder import interface
|
||||||
import cinder.privsep.fs
|
|
||||||
from cinder.volume.drivers.nexenta.ns5 import jsonrpc
|
from cinder.volume.drivers.nexenta.ns5 import jsonrpc
|
||||||
from cinder.volume.drivers.nexenta import options
|
from cinder.volume.drivers.nexenta import options
|
||||||
from cinder.volume.drivers.nexenta import utils
|
from cinder.volume.drivers.nexenta import utils
|
||||||
@ -242,12 +241,13 @@ class NexentaNfsDriver(nfs.NfsDriver):
|
|||||||
LOG.info('Extending volume: %(id)s New size: %(size)s GB',
|
LOG.info('Extending volume: %(id)s New size: %(size)s GB',
|
||||||
{'id': volume['id'], 'size': new_size})
|
{'id': volume['id'], 'size': new_size})
|
||||||
if self.sparsed_volumes:
|
if self.sparsed_volumes:
|
||||||
cinder.privsep.fs.truncate('%sG' % new_size,
|
self._execute('truncate', '-s', '%sG' % new_size,
|
||||||
self.local_path(volume))
|
self.local_path(volume),
|
||||||
|
run_as_root=self._execute_as_root)
|
||||||
else:
|
else:
|
||||||
block_size_mb = 1
|
block_size_mb = 1
|
||||||
block_count = ((new_size - volume['size']) * units.Gi
|
block_count = ((new_size - volume['size']) * units.Gi //
|
||||||
// (block_size_mb * units.Mi))
|
(block_size_mb * units.Mi))
|
||||||
self._execute(
|
self._execute(
|
||||||
'dd', 'if=/dev/zero',
|
'dd', 'if=/dev/zero',
|
||||||
'seek=%d' % (volume['size'] * units.Gi / block_size_mb),
|
'seek=%d' % (volume['size'] * units.Gi / block_size_mb),
|
||||||
|
@ -38,7 +38,6 @@ from cinder import exception
|
|||||||
from cinder.i18n import _
|
from cinder.i18n import _
|
||||||
from cinder.image import image_utils
|
from cinder.image import image_utils
|
||||||
from cinder.objects import fields
|
from cinder.objects import fields
|
||||||
import cinder.privsep.fs
|
|
||||||
from cinder import utils
|
from cinder import utils
|
||||||
from cinder.volume import configuration
|
from cinder.volume import configuration
|
||||||
from cinder.volume import driver
|
from cinder.volume import driver
|
||||||
@ -380,7 +379,8 @@ class RemoteFSDriver(driver.BaseVD):
|
|||||||
|
|
||||||
def _create_sparsed_file(self, path, size):
|
def _create_sparsed_file(self, path, size):
|
||||||
"""Creates a sparse file of a given size in GiB."""
|
"""Creates a sparse file of a given size in GiB."""
|
||||||
cinder.privsep.fs.truncate('%sG' % size, path)
|
self._execute('truncate', '-s', '%sG' % size,
|
||||||
|
path, run_as_root=self._execute_as_root)
|
||||||
|
|
||||||
def _create_regular_file(self, path, size):
|
def _create_regular_file(self, path, size):
|
||||||
"""Creates a regular file of given size in GiB."""
|
"""Creates a regular file of given size in GiB."""
|
||||||
@ -753,7 +753,8 @@ class RemoteFSSnapDriverBase(RemoteFSDriver):
|
|||||||
if not (os.path.exists(info_path) or os.name == 'nt'):
|
if not (os.path.exists(info_path) or os.name == 'nt'):
|
||||||
# We're not managing file permissions on Windows.
|
# We're not managing file permissions on Windows.
|
||||||
# Plus, 'truncate' is not available.
|
# Plus, 'truncate' is not available.
|
||||||
cinder.privsep.fs.truncate(0, info_path)
|
self._execute('truncate', "-s0", info_path,
|
||||||
|
run_as_root=self._execute_as_root)
|
||||||
self._set_rw_permissions(info_path)
|
self._set_rw_permissions(info_path)
|
||||||
|
|
||||||
with open(info_path, 'w') as f:
|
with open(info_path, 'w') as f:
|
||||||
|
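Review bot: The info-file call spells the option as `"-s0"` (fused, double-quoted), while `_create_sparsed_file` in the same file passes `'-s', '%sG' % size` as separate single-quoted arguments. Using one spelling, `self._execute('truncate', '-s', '0', info_path,`, keeps the file consistent and gives every truncate call the same argument shape, which matters if the rootwrap filter is ever tightened to match arguments. The matching assertion in `test_write_info_file` would need the same change. The enclosing method starts and ends outside this hunk.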
@ -21,7 +21,6 @@ from oslo_utils import excutils
|
|||||||
from cinder import exception
|
from cinder import exception
|
||||||
from cinder.i18n import _
|
from cinder.i18n import _
|
||||||
from cinder import interface
|
from cinder import interface
|
||||||
import cinder.privsep.fs
|
|
||||||
import cinder.privsep.path
|
import cinder.privsep.path
|
||||||
from cinder.volume.drivers import nfs
|
from cinder.volume.drivers import nfs
|
||||||
|
|
||||||
@ -173,7 +172,7 @@ class VeritasCNFSDriver(nfs.NfsDriver):
|
|||||||
def extend_volume(self, volume, size):
|
def extend_volume(self, volume, size):
|
||||||
"""Extend the volume to new size"""
|
"""Extend the volume to new size"""
|
||||||
path = self.local_path(volume)
|
path = self.local_path(volume)
|
||||||
cinder.privsep.fs.truncate('%sG' % size, path)
|
self._execute('truncate', '-s', '%sG' % size, path, run_as_root=True)
|
||||||
LOG.debug("VeritasNFSDriver: extend_volume volume_id = %s", volume.id)
|
LOG.debug("VeritasNFSDriver: extend_volume volume_id = %s", volume.id)
|
||||||
|
|
||||||
def _update_volume_stats(self):
|
def _update_volume_stats(self):
|
||||||
|
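Review bot: `run_as_root=True` on the truncate call in `extend_volume` always elevates, whereas the remotefs and Nexenta drivers restored by this same commit pass `run_as_root=self._execute_as_root`. The commit message says the revert exists because truncate is sometimes called without elevated privileges, so a hard-coded `True` here looks inconsistent with that intent. Consider `self._execute('truncate', '-s', '%sG' % size, path,` followed by `run_as_root=self._execute_as_root)`. This assumes the attribute is inherited through `nfs.NfsDriver`, which is not visible on this page.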
@ -86,6 +86,7 @@ stat: CommandFilter, stat, root
|
|||||||
mount: CommandFilter, mount, root
|
mount: CommandFilter, mount, root
|
||||||
df: CommandFilter, df, root
|
df: CommandFilter, df, root
|
||||||
du: CommandFilter, du, root
|
du: CommandFilter, du, root
|
||||||
|
truncate: CommandFilter, truncate, root
|
||||||
chmod: CommandFilter, chmod, root
|
chmod: CommandFilter, chmod, root
|
||||||
rm: CommandFilter, rm, root
|
rm: CommandFilter, rm, root
|
||||||
|
|
||||||
|
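Review bot: `truncate: CommandFilter, truncate, root` matches on the command name only, so rootwrap will run truncate as root with any size on any path, not just the volume and info files the drivers pass. The neighbouring `chmod` and `rm` entries follow the same pattern, but this line is the one being added. A `RegExpFilter` that pins the `-s` option and the size format would narrow it to what the callers in this commit use. The fused `-s0` form in the remotefs info-file call would need its own pattern or a change to `'-s', '0'`. A short comment above the entry naming the drivers that depend on it would also help a later cleanup know when the filter can be removed.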