Fix rootwrap for non openstack.org iqn's

The encryption methods implemented for attached volumes
require a symbolic link created to the /dev/disk-by* iqn.

The current implementation works fine for LVM; however, the rootwrap
is restricted to only allow iqns of the form openstack.org. For
vendors that use their own target and iqn this won't work and will
result in the attach failing for unauthorized command.

This just makes the regex for the rootwrap filter a bit more
permissive, only looking for iscsi-iqn.*

Change-Id: I023ad24867c045a88f72c5ac7ac4e4da097a3643
Closes-Bug: 1362854
John Griffith 2014-08-28 17:27:35 -06:00
parent 3e4ef29cab
commit 00808f2072

@ -202,7 +202,7 @@ systool: CommandFilter, systool, root
# nova/virt/libvirt/volume.py:
sginfo: CommandFilter, sginfo, root
sg_scan: CommandFilter, sg_scan, root
ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/ip-.*-iscsi-iqn.2010-10.org.openstack:volume-.*, /dev/disk/by-path/ip-.*-iscsi-iqn.2010-10.org.openstack:volume-.*
ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/ip-.*-iscsi-iqn.*, /dev/disk/by-path/ip-.*-iscsi-iqn.*
# nova/volume/encryptors.py:
# nova/virt/libvirt/dmcrypt.py:
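
Review bot: The replacement `ln` filter ends both patterns in `iscsi-iqn.*`, which is broader than the commit message's "a bit more permissive" suggests. The `.` after `iqn` is unescaped and the trailing `.*` matches any character, `/` included, so neither argument is held to a single entry directly under `/dev/mapper/` or `/dev/disk/by-path/`. This filter authorizes `ln --symbolic --force` as root, so the match should stay as tight as vendor IQNs allow. Consider escaping the dot and excluding path separators, for example `/dev/mapper/ip-[^/]+-iscsi-iqn\.[^/]+` and the same form for the `/dev/disk/by-path/` argument. The same applies to the `ip-.*` part, which the old line already had. A filter test that accepts a non-openstack.org IQN and rejects an argument containing an extra `/` would pin the intended behaviour.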