Merge "Add rootwrap filters for password injection with localfs"

author: Jenkins <jenkins@review.openstack.org> 2013-01-30 20:27:49 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-01-30 20:27:49 +0000
commit: 0b3a62d1bb5a7b2db629ddce26662e02739dbe1f (patch)
tree: e4c619fc1be5e6114022f947adeb21a6b3cafd82 /etc/nova/rootwrap.d
parent: b5d242b209c80b375c576b6428056797427067f1 (diff)
parent: 72da6199d233d7bd434e019a2d1b7275804eda3e (diff)
download: nova-0b3a62d1bb5a7b2db629ddce26662e02739dbe1f.tar.gz
nova-0b3a62d1bb5a7b2db629ddce26662e02739dbe1f.tar.xz
nova-0b3a62d1bb5a7b2db629ddce26662e02739dbe1f.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/nova/rootwrap.d/compute.filters b/etc/nova/rootwrap.d/compute.filters
index e1113a9e7..9562a23aa 100644
--- a/etc/nova/rootwrap.d/compute.filters
+++ b/etc/nova/rootwrap.d/compute.filters
@@ -174,3 +174,9 @@ vgs: CommandFilter, /sbin/vgs, root
 
 # nova/virt/baremetal/volume_driver.py: 'tgtadm', '--lld', 'iscsi', ...
 tgtadm: CommandFilter, /usr/sbin/tgtadm, root
+
+# nova/utils.py:read_file_as_root: 'cat', file_path
+# (called from nova/virt/disk/vfs/localfs.py:VFSLocalFS.read_file)
+read_passwd: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/passwd
+read_shadow: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/shadow
+
author	Jenkins <jenkins@review.openstack.org>	2013-01-30 20:27:49 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-01-30 20:27:49 +0000
commit	0b3a62d1bb5a7b2db629ddce26662e02739dbe1f (patch)
tree	e4c619fc1be5e6114022f947adeb21a6b3cafd82 /etc/nova/rootwrap.d
parent	b5d242b209c80b375c576b6428056797427067f1 (diff)
parent	72da6199d233d7bd434e019a2d1b7275804eda3e (diff)
download	nova-0b3a62d1bb5a7b2db629ddce26662e02739dbe1f.tar.gz nova-0b3a62d1bb5a7b2db629ddce26662e02739dbe1f.tar.xz nova-0b3a62d1bb5a7b2db629ddce26662e02739dbe1f.zip