Fix environment passing in DnsmasqFilter

Fix environment passing in DnsmasqFilter so that dnsmasq can be run as root through nova-rootwrap. Fixes bug 919275. Change-Id: I2e78d92b9af4ddea9c0f1c5ddbe2d55fb672310e
2012-01-23 11:17:34 +01:00 · 2012-01-23 11:17:34 +01:00 · bfdb9b1f5e
commit bfdb9b1f5e
parent e3451ac309
3 changed files with 18 additions and 5 deletions
--- a/bin/nova-rootwrap
+++ b/bin/nova-rootwrap
@ -65,7 +65,8 @@ if __name__ == '__main__':
        obj = subprocess.Popen(filtermatch.get_command(userargs),
                               stdin=sys.stdin,
                               stdout=sys.stdout,
-                               stderr=sys.stderr)
+                               stderr=sys.stderr,
+                               env=filtermatch.get_environment(userargs))
        sys.exit(obj.returncode)

    print "Unauthorized command: %s" % ' '.join(userargs)
--- a/nova/rootwrap/filters.py
+++ b/nova/rootwrap/filters.py
@ -41,6 +41,10 @@ class CommandFilter(object):
            return ['sudo', '-u', self.run_as, self.exec_path] + userargs[1:]
        return [self.exec_path] + userargs[1:]

+    def get_environment(self, userargs):
+        """Returns specific environment to set, None if none"""
+        return None
+

 class RegExpFilter(CommandFilter):
    """Command filter doing regexp matching for every argument"""
@ -77,4 +81,10 @@ class DnsmasqFilter(CommandFilter):
        return False

    def get_command(self, userargs):
-        return userargs[0:2] + [self.exec_path] + userargs[3:]
+        return [self.exec_path] + userargs[3:]
+
+    def get_environment(self, userargs):
+        env = os.environ.copy()
+        env['FLAGFILE'] = userargs[0].split('=')[-1]
+        env['NETWORK_ID'] = userargs[1].split('=')[-1]
+        return env
--- a/nova/tests/test_nova_rootwrap.py
+++ b/nova/tests/test_nova_rootwrap.py
@ -52,11 +52,13 @@ class RootwrapTestCase(test.TestCase):
        self.assertTrue(filtermatch is None)

    def test_DnsmasqFilter(self):
-        usercmd = ['FLAGFILE=A', 'NETWORK_ID="foo bar"', 'dnsmasq', 'foo']
+        usercmd = ['FLAGFILE=A', 'NETWORK_ID=foobar', 'dnsmasq', 'foo']
        f = filters.DnsmasqFilter("/usr/bin/dnsmasq", "root")
        self.assertTrue(f.match(usercmd))
-        self.assertEqual(f.get_command(usercmd),
-            ['FLAGFILE=A', 'NETWORK_ID="foo bar"', '/usr/bin/dnsmasq', 'foo'])
+        self.assertEqual(f.get_command(usercmd), ['/usr/bin/dnsmasq', 'foo'])
+        env = f.get_environment(usercmd)
+        self.assertEqual(env.get('FLAGFILE'), 'A')
+        self.assertEqual(env.get('NETWORK_ID'), 'foobar')

    def test_skips(self):
        # Check that all filters are skipped and that the last matches