From a8dca282dc0fc66b16a4112b691791ae0655c64f Mon Sep 17 00:00:00 2001 From: Thierry Carrez Date: Mon, 29 Jul 2013 17:39:49 +0200 Subject: [PATCH] Update to latest oslo rootwrap Update Neutron rootwrap to the latest from oslo-incubator. This allows to get rid of the DnsMasqFilter (which was already replaced by EnvFilter) in preparation for the havana release, as well as get a few bugfixes. All the changes are coming directly from the Oslo "rootwrap" module sync. Change-Id: Ic373710cce0716323f4349414bb5b231f48d9177 --- neutron/openstack/common/rootwrap/filters.py | 50 ++++---------------- neutron/openstack/common/rootwrap/wrapper.py | 4 +- 2 files changed, 12 insertions(+), 42 deletions(-) diff --git a/neutron/openstack/common/rootwrap/filters.py b/neutron/openstack/common/rootwrap/filters.py index dfec41224..a68a043a6 100644 --- a/neutron/openstack/common/rootwrap/filters.py +++ b/neutron/openstack/common/rootwrap/filters.py @@ -47,7 +47,7 @@ class CommandFilter(object): def match(self, userargs): """Only check that the first argument (command) matches exec_path.""" - return os.path.basename(self.exec_path) == userargs[0] + return userargs and os.path.basename(self.exec_path) == userargs[0] def get_command(self, userargs, exec_dirs=[]): """Returns command to execute (with sudo -u if run_as != root).""" @@ -67,7 +67,7 @@ class RegExpFilter(CommandFilter): def match(self, userargs): # Early skip if command or number of args don't match - if (len(self.args) != len(userargs)): + if (not userargs or len(self.args) != len(userargs)): # DENY: argument numbers don't match return False # Compare each arg (anchoring pattern explicitly at end of string) @@ -101,6 +101,9 @@ class PathFilter(CommandFilter): """ def match(self, userargs): + if not userargs or len(userargs) < 2: + return False + command, arguments = userargs[0], userargs[1:] equal_args_num = len(self.args) == len(arguments) @@ -132,36 +135,6 @@ class PathFilter(CommandFilter): exec_dirs) -class DnsmasqFilter(CommandFilter): - """Specific filter for the dnsmasq call (which includes env).""" - - CONFIG_FILE_ARG = 'CONFIG_FILE' - - def match(self, userargs): - if (userargs[0] == 'env' and - userargs[1].startswith(self.CONFIG_FILE_ARG) and - userargs[2].startswith('NETWORK_ID=') and - userargs[3] == 'dnsmasq'): - return True - return False - - def get_command(self, userargs, exec_dirs=[]): - to_exec = self.get_exec(exec_dirs=exec_dirs) or self.exec_path - dnsmasq_pos = userargs.index('dnsmasq') - return [to_exec] + userargs[dnsmasq_pos + 1:] - - def get_environment(self, userargs): - env = os.environ.copy() - env[self.CONFIG_FILE_ARG] = userargs[1].split('=')[-1] - env['NETWORK_ID'] = userargs[2].split('=')[-1] - return env - - -class DeprecatedDnsmasqFilter(DnsmasqFilter): - """Variant of dnsmasq filter to support old-style FLAGFILE.""" - CONFIG_FILE_ARG = 'FLAGFILE' - - class KillFilter(CommandFilter): """Specific filter for the kill calls. @@ -178,7 +151,7 @@ class KillFilter(CommandFilter): super(KillFilter, self).__init__("/bin/kill", *args) def match(self, userargs): - if userargs[0] != "kill": + if not userargs or userargs[0] != "kill": return False args = list(userargs) if len(args) == 3: @@ -217,7 +190,8 @@ class KillFilter(CommandFilter): return (os.path.isabs(command) and kill_command == os.path.basename(command) and - os.path.dirname(command) in os.environ['PATH'].split(':')) + os.path.dirname(command) in os.environ.get('PATH', '' + ).split(':')) class ReadFileFilter(CommandFilter): @@ -228,13 +202,7 @@ class ReadFileFilter(CommandFilter): super(ReadFileFilter, self).__init__("/bin/cat", "root", *args) def match(self, userargs): - if userargs[0] != 'cat': - return False - if userargs[1] != self.file_path: - return False - if len(userargs) != 2: - return False - return True + return (userargs == ['cat', self.file_path]) class IpFilter(CommandFilter): diff --git a/neutron/openstack/common/rootwrap/wrapper.py b/neutron/openstack/common/rootwrap/wrapper.py index fa54ad8d4..16e3fbb39 100644 --- a/neutron/openstack/common/rootwrap/wrapper.py +++ b/neutron/openstack/common/rootwrap/wrapper.py @@ -46,8 +46,10 @@ class RootwrapConfig(object): if config.has_option("DEFAULT", "exec_dirs"): self.exec_dirs = config.get("DEFAULT", "exec_dirs").split(",") else: + self.exec_dirs = [] # Use system PATH if exec_dirs is not specified - self.exec_dirs = os.environ["PATH"].split(':') + if "PATH" in os.environ: + self.exec_dirs = os.environ['PATH'].split(':') # syslog_log_facility if config.has_option("DEFAULT", "syslog_log_facility"):