Fix environment passing in DnsmasqFilter
Fix environment passing in DnsmasqFilter so that dnsmasq can be run as root through nova-rootwrap. Fixes bug 919275. Change-Id: I2e78d92b9af4ddea9c0f1c5ddbe2d55fb672310e
This commit is contained in:
parent
e3451ac309
commit
bfdb9b1f5e
@ -65,7 +65,8 @@ if __name__ == '__main__':
|
|||||||
obj = subprocess.Popen(filtermatch.get_command(userargs),
|
obj = subprocess.Popen(filtermatch.get_command(userargs),
|
||||||
stdin=sys.stdin,
|
stdin=sys.stdin,
|
||||||
stdout=sys.stdout,
|
stdout=sys.stdout,
|
||||||
stderr=sys.stderr)
|
stderr=sys.stderr,
|
||||||
|
env=filtermatch.get_environment(userargs))
|
||||||
sys.exit(obj.returncode)
|
sys.exit(obj.returncode)
|
||||||
|
|
||||||
print "Unauthorized command: %s" % ' '.join(userargs)
|
print "Unauthorized command: %s" % ' '.join(userargs)
|
||||||
|
@ -41,6 +41,10 @@ class CommandFilter(object):
|
|||||||
return ['sudo', '-u', self.run_as, self.exec_path] + userargs[1:]
|
return ['sudo', '-u', self.run_as, self.exec_path] + userargs[1:]
|
||||||
return [self.exec_path] + userargs[1:]
|
return [self.exec_path] + userargs[1:]
|
||||||
|
|
||||||
|
def get_environment(self, userargs):
|
||||||
|
"""Returns specific environment to set, None if none"""
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
class RegExpFilter(CommandFilter):
|
class RegExpFilter(CommandFilter):
|
||||||
"""Command filter doing regexp matching for every argument"""
|
"""Command filter doing regexp matching for every argument"""
|
||||||
@ -77,4 +81,10 @@ class DnsmasqFilter(CommandFilter):
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
def get_command(self, userargs):
|
def get_command(self, userargs):
|
||||||
return userargs[0:2] + [self.exec_path] + userargs[3:]
|
return [self.exec_path] + userargs[3:]
|
||||||
|
|
||||||
|
def get_environment(self, userargs):
|
||||||
|
env = os.environ.copy()
|
||||||
|
env['FLAGFILE'] = userargs[0].split('=')[-1]
|
||||||
|
env['NETWORK_ID'] = userargs[1].split('=')[-1]
|
||||||
|
return env
|
||||||
|
@ -52,11 +52,13 @@ class RootwrapTestCase(test.TestCase):
|
|||||||
self.assertTrue(filtermatch is None)
|
self.assertTrue(filtermatch is None)
|
||||||
|
|
||||||
def test_DnsmasqFilter(self):
|
def test_DnsmasqFilter(self):
|
||||||
usercmd = ['FLAGFILE=A', 'NETWORK_ID="foo bar"', 'dnsmasq', 'foo']
|
usercmd = ['FLAGFILE=A', 'NETWORK_ID=foobar', 'dnsmasq', 'foo']
|
||||||
f = filters.DnsmasqFilter("/usr/bin/dnsmasq", "root")
|
f = filters.DnsmasqFilter("/usr/bin/dnsmasq", "root")
|
||||||
self.assertTrue(f.match(usercmd))
|
self.assertTrue(f.match(usercmd))
|
||||||
self.assertEqual(f.get_command(usercmd),
|
self.assertEqual(f.get_command(usercmd), ['/usr/bin/dnsmasq', 'foo'])
|
||||||
['FLAGFILE=A', 'NETWORK_ID="foo bar"', '/usr/bin/dnsmasq', 'foo'])
|
env = f.get_environment(usercmd)
|
||||||
|
self.assertEqual(env.get('FLAGFILE'), 'A')
|
||||||
|
self.assertEqual(env.get('NETWORK_ID'), 'foobar')
|
||||||
|
|
||||||
def test_skips(self):
|
def test_skips(self):
|
||||||
# Check that all filters are skipped and that the last matches
|
# Check that all filters are skipped and that the last matches
|
||||||
|
Loading…
x
Reference in New Issue
Block a user