diff --git a/docker/swift/swift-base/Dockerfile.j2 b/docker/swift/swift-base/Dockerfile.j2 index 6ef3db1241..adc2a6fd84 100644 --- a/docker/swift/swift-base/Dockerfile.j2 +++ b/docker/swift/swift-base/Dockerfile.j2 @@ -58,14 +58,9 @@ RUN ln -s swift-base-source/* swift \ && chown -R swift: /etc/swift /var/cache/swift /var/lock/swift {% endif %} -COPY swift-rootwrap /var/lib/kolla/venv/bin/swift-rootwrap -COPY rootwrap.conf /etc/swift/rootwrap.conf COPY swift_sudoers /etc/sudoers.d/kolla_swift_sudoers -RUN chmod 755 /var/lib/kolla/venv/bin/swift-rootwrap \ - && chmod 644 /etc/swift/rootwrap.conf \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/swift/rootwrap.conf \ - && chmod 750 /etc/sudoers.d \ +RUN chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_swift_sudoers \ && mkdir -p /opt/swift diff --git a/docker/swift/swift-base/rootwrap.conf b/docker/swift/swift-base/rootwrap.conf deleted file mode 100644 index 9adfaa6684..0000000000 --- a/docker/swift/swift-base/rootwrap.conf +++ /dev/null @@ -1,27 +0,0 @@ -# Configuration for swift-rootwrap -# This file should be owned by (and only-writeable by) the root user - -[DEFAULT] -# List of directories to load filter definitions from (separated by ','). -# These directories MUST all be only writeable by root ! -filters_path=/etc/swift/rootwrap.d,/usr/share/swift/rootwrap - -# List of directories to search executables in, in case filters do not -# explicitely specify a full path (separated by ',') -# If not specified, defaults to system PATH environment variable. -# These directories MUST all be only writeable by root ! -exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin - -# Enable logging to syslog -# Default value is False -use_syslog=False - -# Which syslog facility to use. -# Valid values include auth, authpriv, syslog, local0, local1... -# Default value is 'syslog' -syslog_log_facility=syslog - -# Which messages to log. -# INFO means log all usage -# ERROR means only log unsuccessful attempts -syslog_log_level=ERROR diff --git a/docker/swift/swift-base/swift-rootwrap b/docker/swift/swift-base/swift-rootwrap deleted file mode 100644 index 9432582dae..0000000000 --- a/docker/swift/swift-base/swift-rootwrap +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/python3 -# PBR Generated from 'console_scripts' - -import sys - -from oslo_rootwrap.cmd import main - - -if __name__ == "__main__": - sys.exit(main()) diff --git a/docker/swift/swift-base/swift_sudoers b/docker/swift/swift-base/swift_sudoers index 752fe0e2ee..f60e2260b0 100644 --- a/docker/swift/swift-base/swift_sudoers +++ b/docker/swift/swift-base/swift_sudoers @@ -1,3 +1,2 @@ swift ALL=(root) NOPASSWD: /bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+ swift ALL=(root) NOPASSWD: /usr/bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+ -swift ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/swift-rootwrap /etc/swift/rootwrap.conf *