From 00808f2072c3ee8958ad16eabad7994730bb8b86 Mon Sep 17 00:00:00 2001 From: John Griffith Date: Thu, 28 Aug 2014 17:27:35 -0600 Subject: [PATCH] Fix rootwrap for non openstack.org iqn's The encryption methods implemented for attached volumes require a symbolic link created to the /dev/disk-by* iqn. The current implementation works fine for LVM, however the rootwrap is restricted to only allow iqns of the form openstack.org, for vendors that use their own target and iqn this won't work and will result in the attach failing for unauthorized command. This just makes the regex for the rootwrap filter a bit more permissive, only looking for iscsi-iqn.* Change-Id: I023ad24867c045a88f72c5ac7ac4e4da097a3643 Closes-Bug: 1362854 --- etc/nova/rootwrap.d/compute.filters | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/nova/rootwrap.d/compute.filters b/etc/nova/rootwrap.d/compute.filters index b79851b40066..f4424aef13b4 100644 --- a/etc/nova/rootwrap.d/compute.filters +++ b/etc/nova/rootwrap.d/compute.filters @@ -202,7 +202,7 @@ systool: CommandFilter, systool, root # nova/virt/libvirt/volume.py: sginfo: CommandFilter, sginfo, root sg_scan: CommandFilter, sg_scan, root -ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/ip-.*-iscsi-iqn.2010-10.org.openstack:volume-.*, /dev/disk/by-path/ip-.*-iscsi-iqn.2010-10.org.openstack:volume-.* +ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/ip-.*-iscsi-iqn.*, /dev/disk/by-path/ip-.*-iscsi-iqn.* # nova/volume/encryptors.py: # nova/virt/libvirt/dmcrypt.py: