Allows nova to read files as root

* Adds a rootwrap filter to limit readable files * Adds a utils method to read a file as root * adds tests to verify the additions work Change-Id: Ic1ffb6f72f9b73795d5f39fac719842e6bdf16dd
2012-02-03 15:29:00 -08:00
parent e05a04614c
commit 0da1f5da22
2 changed files with 26 additions and 0 deletions
--- a/nova/rootwrap/filters.py
+++ b/nova/rootwrap/filters.py
@@ -123,3 +123,20 @@ class KillFilter(CommandFilter):
            # Incorrect PID
            return False
        return True
+
+
+class ReadFileFilter(CommandFilter):
+    """Specific filter for the utils.read_file_as_root call"""
+
+    def __init__(self, file_path, *args):
+        self.file_path = file_path
+        super(ReadFileFilter, self).__init__("/bin/cat", "root", *args)
+
+    def match(self, userargs):
+        if userargs[0] != 'cat':
+            return False
+        if userargs[1] != self.file_path:
+            return False
+        if len(userargs) != 2:
+            return False
+        return True