Go to file

Gorka Eguileor 5d5f8e02ef Fix os-brick in virtual environments

When running os-brick in a virtual environment created by a non root
user, we get the following error:

  ModuleNotFoundError: No module named 'os_brick.privileged.rootwrap'

This happens because the privsep daemon drops all the privileged except
those defined in the context, and our current context doesn't bypass
file read permission checks, so the Daemon cannot read the file with the
code it was asked to run, because it belongs to a different user.

This patch adds the CAP_DAC_READ_SEARCH capability to our privsep
context so we can load the libraries, but only when we are running on a
virtual environment to follow the principle of least privilege.

This bug doesn't affect system-wide installations because the files
installed under /sys/python*/site-packages belong to the Daemon user
(root), so no special capabilities are necessary.

Change-Id: Ib191c075ad1250822f6ac842f39214af8f3a02f0
Close-Bug: #1884059

2020-06-19 09:32:24 +02:00

doc

Switch to newer openstackdocstheme and reno versions

2020-05-21 17:10:15 +02:00

etc/os-brick/rootwrap.d

Trivial rootwrap -> privsep replacement

2016-04-15 15:29:25 +00:00

os_brick

Fix os-brick in virtual environments

2020-06-19 09:32:24 +02:00

releasenotes

Remove VxFlex OS credentials from connection_properties

2020-06-03 11:27:21 +00:00

tools

Stop to use the __future__ module.

2020-06-02 20:35:29 +02:00

.coveragerc

Fix coverage generation

2016-04-20 15:52:31 +00:00

.gitignore

Add LIO barbican tests to .zuul.yaml

2018-10-01 10:19:36 -05:00

.gitreview

OpenDev Migration Patch

2019-04-19 19:34:25 +00:00

.mailmap

Created the Brick library from Cinder

2015-01-22 19:09:30 +00:00

.stestr.conf

Add .stestr.conf configuration

2017-10-02 17:35:26 -05:00

.zuul.yaml

Merge "Add NFS tempest job to check queue"

2020-04-28 22:23:17 +00:00

bindep.txt

Add iscsi-initiator-utils requirement

2020-06-08 09:26:20 -04:00

CONTRIBUTING.rst

Ussuri contrib docs community goal

2020-03-05 09:11:33 -05:00

HACKING.rst

Update hacking version

2019-01-18 21:30:00 -05:00

LICENSE

Created the Brick library from Cinder

2015-01-22 19:09:30 +00:00

lower-constraints.txt

Update lower-constraints versions

2020-06-09 13:39:16 -05:00

pylintrc

Add pylint tox env

2016-04-04 18:02:19 -04:00

README.rst

Replace git.openstack.org URLs with opendev.org URLs

2019-04-23 20:55:14 +08:00

requirements.txt

Update lower-constraints versions

2020-06-09 13:39:16 -05:00

setup.cfg

Merge "Add py38 package metadata"

2020-05-03 14:08:49 +00:00

setup.py

Cleanup py27 support

2020-04-05 17:43:12 +02:00

test-requirements.txt

Update lower-constraints versions

2020-06-09 13:39:16 -05:00

tox.ini

Add dependencies to releasenotes environment

2020-05-29 22:15:27 -04:00

README.rst

Team and repository tags

brick

OpenStack Cinder brick library for managing local volume attaches

Features

Discovery of volumes being attached to a host for many transport protocols.
Removal of volumes from a host.

Hacking

Hacking on brick requires python-gdbm (for Debian derived distributions), Python 2.7 and Python 3.4. A recent tox is required, as is a recent virtualenv (13.1.0 or newer).

If "tox -e py34" fails with the error "db type could not be determined", remove the .testrepository/ directory and then run "tox -e py34".

For any other information, refer to the developer documents:: https://docs.openstack.org/os-brick/latest/
OR refer to the parent project, Cinder:: https://docs.openstack.org/cinder/latest/
Release notes for the project can be found at:: https://docs.openstack.org/releasenotes/os-brick

License: Apache License, Version 2.0
Source: https://opendev.org/openstack/os-brick
Bugs: https://bugs.launchpad.net/os-brick