| author | Vishvananda Ishaya <vishvananda@gmail.com> | 2012-02-03 15:29:00 -0800 |
|---|---|---|
| committer | Vishvananda Ishaya <vishvananda@gmail.com> | 2012-02-03 16:49:42 -0800 |
| commit | 65e233133e801439caaa8265b0de68c70a04ccd2 (patch) | |
| tree | 0929feec40ec2ebfc6a72f556e1414eb66d30c67 /nova/rootwrap | |
| parent | 61c434baa77fa2744cac81f64957da319078614e (diff) | |
Allows nova to read files as root
* Adds a rootwrap filter to limit readable files
* Adds a utils method to read a file as root
* adds tests to verify the additions work
Change-Id: Ic1ffb6f72f9b73795d5f39fac719842e6bdf16dd
Diffstat (limited to 'nova/rootwrap')
| -rwxr-xr-x | nova/rootwrap/filters.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/nova/rootwrap/filters.py b/nova/rootwrap/filters.py
index d16fc9a57..faaeb11f7 100755
--- a/nova/rootwrap/filters.py
+++ b/nova/rootwrap/filters.py
@@ -123,3 +123,20 @@ class KillFilter(CommandFilter):
 # Incorrect PID
 return False
 return True
+
+
+class ReadFileFilter(CommandFilter):
+ """Specific filter for the utils.read_file_as_root call"""
+
+ def __init__(self, file_path, *args):
+ self.file_path = file_path
+ super(ReadFileFilter, self).__init__("/bin/cat", "root", *args)
+
+ def match(self, userargs):
+ if userargs[0] != 'cat':
+ return False
+ if userargs[1] != self.file_path:
+ return False
+ if len(userargs) != 2:
+ return False
+ return True |
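Review bot: In `ReadFileFilter.match` the length check comes last, so `userargs[0]` and `userargs[1]` are indexed before the argument count is known; a call with fewer than two arguments raises IndexError instead of returning False. Move `if len(userargs) != 2: return False` to the top of `match`, or collapse the body to `return list(userargs) == ['cat', self.file_path]`. The exact string comparison against `self.file_path` is a good choice, because it leaves no room for extra options or a second file. Since `/bin/cat` runs as root and follows symlinks, the class docstring should also say that the configured path must sit where the unprivileged caller cannot replace it; how filters are configured is not visible in this hunk.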
