Update to latest oslo rootwrap

Update Neutron rootwrap to the latest from oslo-incubator. This allows us
to get rid of the DnsMasqFilter (which was already replaced by
EnvFilter) in preparation for the havana release, and also brings in a few
bugfixes.

All the changes are coming directly from the Oslo "rootwrap" module
sync.

Change-Id: Ic373710cce0716323f4349414bb5b231f48d9177
Thierry Carrez 2013-07-29 17:39:49 +02:00
parent ca421e7e62
commit a8dca282dc
2 changed files with 12 additions and 42 deletions


@ -47,7 +47,7 @@ class CommandFilter(object):
def match(self, userargs): def match(self, userargs):
"""Only check that the first argument (command) matches exec_path.""" """Only check that the first argument (command) matches exec_path."""
return os.path.basename(self.exec_path) == userargs[0] return userargs and os.path.basename(self.exec_path) == userargs[0]
def get_command(self, userargs, exec_dirs=[]): def get_command(self, userargs, exec_dirs=[]):
"""Returns command to execute (with sudo -u if run_as != root).""" """Returns command to execute (with sudo -u if run_as != root)."""
@ -67,7 +67,7 @@ class RegExpFilter(CommandFilter):
def match(self, userargs): def match(self, userargs):
# Early skip if command or number of args don't match # Early skip if command or number of args don't match
if (len(self.args) != len(userargs)): if (not userargs or len(self.args) != len(userargs)):
# DENY: argument numbers don't match # DENY: argument numbers don't match
return False return False
# Compare each arg (anchoring pattern explicitly at end of string) # Compare each arg (anchoring pattern explicitly at end of string)
@ -101,6 +101,9 @@ class PathFilter(CommandFilter):
""" """
def match(self, userargs): def match(self, userargs):
if not userargs or len(userargs) < 2:
return False
command, arguments = userargs[0], userargs[1:] command, arguments = userargs[0], userargs[1:]
equal_args_num = len(self.args) == len(arguments) equal_args_num = len(self.args) == len(arguments)
@ -132,36 +135,6 @@ class PathFilter(CommandFilter):
exec_dirs) exec_dirs)
class DnsmasqFilter(CommandFilter):
"""Specific filter for the dnsmasq call (which includes env)."""
CONFIG_FILE_ARG = 'CONFIG_FILE'
def match(self, userargs):
if (userargs[0] == 'env' and
userargs[1].startswith(self.CONFIG_FILE_ARG) and
userargs[2].startswith('NETWORK_ID=') and
userargs[3] == 'dnsmasq'):
return True
return False
def get_command(self, userargs, exec_dirs=[]):
to_exec = self.get_exec(exec_dirs=exec_dirs) or self.exec_path
dnsmasq_pos = userargs.index('dnsmasq')
return [to_exec] + userargs[dnsmasq_pos + 1:]
def get_environment(self, userargs):
env = os.environ.copy()
env[self.CONFIG_FILE_ARG] = userargs[1].split('=')[-1]
env['NETWORK_ID'] = userargs[2].split('=')[-1]
return env
class DeprecatedDnsmasqFilter(DnsmasqFilter):
"""Variant of dnsmasq filter to support old-style FLAGFILE."""
CONFIG_FILE_ARG = 'FLAGFILE'
class KillFilter(CommandFilter): class KillFilter(CommandFilter):
"""Specific filter for the kill calls. """Specific filter for the kill calls.
@ -178,7 +151,7 @@ class KillFilter(CommandFilter):
super(KillFilter, self).__init__("/bin/kill", *args) super(KillFilter, self).__init__("/bin/kill", *args)
def match(self, userargs): def match(self, userargs):
if userargs[0] != "kill": if not userargs or userargs[0] != "kill":
return False return False
args = list(userargs) args = list(userargs)
if len(args) == 3: if len(args) == 3:
@ -217,7 +190,8 @@ class KillFilter(CommandFilter):
return (os.path.isabs(command) and return (os.path.isabs(command) and
kill_command == os.path.basename(command) and kill_command == os.path.basename(command) and
os.path.dirname(command) in os.environ['PATH'].split(':')) os.path.dirname(command) in os.environ.get('PATH', ''
).split(':'))
class ReadFileFilter(CommandFilter): class ReadFileFilter(CommandFilter):
@ -228,13 +202,7 @@ class ReadFileFilter(CommandFilter):
super(ReadFileFilter, self).__init__("/bin/cat", "root", *args) super(ReadFileFilter, self).__init__("/bin/cat", "root", *args)
def match(self, userargs): def match(self, userargs):
if userargs[0] != 'cat': return (userargs == ['cat', self.file_path])
return False
if userargs[1] != self.file_path:
return False
if len(userargs) != 2:
return False
return True
class IpFilter(CommandFilter): class IpFilter(CommandFilter):
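Review bot: In the second KillFilter hunk the final clause still decides a match from the process environment: `os.path.dirname(command) in os.environ.get('PATH', '').split(':')` accepts any directory listed in whatever PATH rootwrap was started with. The switch to `.get` only removes the KeyError; if the sudo configuration does not reset or pin PATH (not visible on this page), the calling user can influence which executables the filter presumably treats as permitted kill targets. I would state that dependency next to the check, e.g. `# PATH must be controlled by sudo (env_reset/secure_path); it is caller-supplied otherwise`. The enclosing method starts outside the hunk, so what `command` and `kill_command` hold is inferred from their names.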


@ -46,8 +46,10 @@ class RootwrapConfig(object):
if config.has_option("DEFAULT", "exec_dirs"): if config.has_option("DEFAULT", "exec_dirs"):
self.exec_dirs = config.get("DEFAULT", "exec_dirs").split(",") self.exec_dirs = config.get("DEFAULT", "exec_dirs").split(",")
else: else:
self.exec_dirs = []
# Use system PATH if exec_dirs is not specified # Use system PATH if exec_dirs is not specified
self.exec_dirs = os.environ["PATH"].split(':') if "PATH" in os.environ:
self.exec_dirs = os.environ['PATH'].split(':')
# syslog_log_facility # syslog_log_facility
if config.has_option("DEFAULT", "syslog_log_facility"): if config.has_option("DEFAULT", "syslog_log_facility"):
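Review bot: The PATH fallback for `exec_dirs` keeps empty elements: a PATH with a leading, trailing or doubled colon makes `os.environ['PATH'].split(':')` yield `''`, which conventionally stands for the current directory. If these directories are later joined with a command name to locate the executable that runs as root (that lookup is not in this hunk), a relative, working-directory-dependent path could be selected. Dropping empty entries avoids that: `self.exec_dirs = [d for d in os.environ['PATH'].split(':') if d]`. The enclosing method starts and ends outside the hunk.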