Diffstat (limited to 'bin/nova-rootwrap')
| -rwxr-xr-x | bin/nova-rootwrap | 40 |
1 files changed, 27 insertions, 13 deletions
diff --git a/bin/nova-rootwrap b/bin/nova-rootwrap
index a28205a80..3322bc815 100755
--- a/bin/nova-rootwrap
+++ b/bin/nova-rootwrap
@@ -42,6 +42,7 @@ import sys
 RC_UNAUTHORIZED = 99
 RC_NOCOMMAND = 98
 RC_BADCONFIG = 97
+RC_NOEXECFOUND = 96
 def _subprocess_setup():
@@ -65,6 +66,11 @@ if __name__ == '__main__':
 config.read(configfile)
 try:
 filters_path = config.get("DEFAULT", "filters_path").split(",")
+ if config.has_option("DEFAULT", "exec_dirs"):
+ exec_dirs = config.get("DEFAULT", "exec_dirs").split(",")
+ else:
+ # Use system PATH if exec_dirs is not specified
+ exec_dirs = os.environ["PATH"].split(':')
 except ConfigParser.Error:
 print "%s: Incorrect configuration file: %s" % (execname, configfile)
 sys.exit(RC_BADCONFIG)
@@ -79,16 +85,24 @@ if __name__ == '__main__':
 # Execute command if it matches any of the loaded filters
 filters = wrapper.load_filters(filters_path)
- filtermatch = wrapper.match_filter(filters, userargs)
- if filtermatch:
- obj = subprocess.Popen(filtermatch.get_command(userargs),
- stdin=sys.stdin,
- stdout=sys.stdout,
- stderr=sys.stderr,
- preexec_fn=_subprocess_setup,
- env=filtermatch.get_environment(userargs))
- obj.wait()
- sys.exit(obj.returncode)
-
- print "Unauthorized command: %s" % ' '.join(userargs)
- sys.exit(RC_UNAUTHORIZED)
+ try:
+ filtermatch = wrapper.match_filter(filters, userargs,
+ exec_dirs=exec_dirs)
+ if filtermatch:
+ obj = subprocess.Popen(filtermatch.get_command(userargs,
+ exec_dirs=exec_dirs),
+ stdin=sys.stdin,
+ stdout=sys.stdout,
+ stderr=sys.stderr,
+ preexec_fn=_subprocess_setup,
+ env=filtermatch.get_environment(userargs))
+ obj.wait()
+ sys.exit(obj.returncode)
+
+ except wrapper.FilterMatchNotExecutable as exc:
+ print "Executable not found: %s" % exc.match.exec_path
+ sys.exit(RC_NOEXECFOUND)
+
+ except wrapper.NoFilterMatched:
+ print "Unauthorized command: %s" % ' '.join(userargs)
+ sys.exit(RC_UNAUTHORIZED)
|
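Review bot: The `else` branch in the second hunk, `exec_dirs = os.environ["PATH"].split(':')`, makes a wrapper that runs with root privileges resolve filter executables through whatever PATH its calling environment carries, so the allow-list is only as tight as the sudoers `secure_path`/`env_reset` settings, which this file cannot see. A missing PATH would also raise `KeyError`, which the surrounding `except ConfigParser.Error` does not catch. Consider failing closed when the option is absent, for example `print "%s: exec_dirs not set in %s" % (execname, configfile)` followed by `sys.exit(RC_BADCONFIG)`. Stripping each entry, `[d.strip() for d in config.get("DEFAULT", "exec_dirs").split(",")]`, would keep a value such as `/sbin, /usr/sbin` from producing a directory name with a leading space. The `if __name__ == '__main__':` block starts and ends outside the hunk.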
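Review bot: In the third hunk `if filtermatch:` no longer has a fallback: if `wrapper.match_filter` returns a falsy value instead of raising `NoFilterMatched`, control falls off the end of the `try` and the script exits 0 with no message, where the removed code exited with `RC_UNAUTHORIZED`. The `wrapper` module is not shown here, so whether that path is still reachable is unconfirmed. Either drop the `if`, or add `print "Unauthorized command: %s" % ' '.join(userargs)` and `sys.exit(RC_UNAUTHORIZED)` after the `except` clauses so that the default outcome is a denial. The enclosing `if __name__ == '__main__':` block starts outside the hunk.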
