From 12e264d58f052f192f3408f5cd8637809eff085b Mon Sep 17 00:00:00 2001
From: Thierry Carrez <thierry@openstack.org>
Date: Fri, 16 Nov 2012 15:50:01 +0100
Subject: Configurable exec_dirs to find rootwrap commands

Adds support for a configurable set of trusted directories to search
executables in (exec_dirs), which defaults to system PATH. If your
filter specifies an exec_path that doesn't start with '/', then it
will be searched in exec_dirs. Avoids having to write multiple
filters to care for distro differences. Fixes bug 1079723.

Also returns a specific error rather than try to run absent executables.

Change-Id: Idab03bb0be6832a75ffeed4e78d25d0543f5caf9
---
 bin/nova-rootwrap | 40 +++++++++++++++++++++++++++-------------
 1 file changed, 27 insertions(+), 13 deletions(-)

(limited to 'bin/nova-rootwrap')

diff --git a/bin/nova-rootwrap b/bin/nova-rootwrap
index a28205a80..3322bc815 100755
--- a/bin/nova-rootwrap
+++ b/bin/nova-rootwrap
@@ -42,6 +42,7 @@ import sys
 RC_UNAUTHORIZED = 99
 RC_NOCOMMAND = 98
 RC_BADCONFIG = 97
+RC_NOEXECFOUND = 96
 
 
 def _subprocess_setup():
@@ -65,6 +66,11 @@ if __name__ == '__main__':
     config.read(configfile)
     try:
         filters_path = config.get("DEFAULT", "filters_path").split(",")
+        if config.has_option("DEFAULT", "exec_dirs"):
+            exec_dirs = config.get("DEFAULT", "exec_dirs").split(",")
+        else:
+            # Use system PATH if exec_dirs is not specified
+            exec_dirs = os.environ["PATH"].split(':')
     except ConfigParser.Error:
         print "%s: Incorrect configuration file: %s" % (execname, configfile)
         sys.exit(RC_BADCONFIG)
@@ -79,16 +85,24 @@ if __name__ == '__main__':
 
     # Execute command if it matches any of the loaded filters
     filters = wrapper.load_filters(filters_path)
-    filtermatch = wrapper.match_filter(filters, userargs)
-    if filtermatch:
-        obj = subprocess.Popen(filtermatch.get_command(userargs),
-                               stdin=sys.stdin,
-                               stdout=sys.stdout,
-                               stderr=sys.stderr,
-                               preexec_fn=_subprocess_setup,
-                               env=filtermatch.get_environment(userargs))
-        obj.wait()
-        sys.exit(obj.returncode)
-
-    print "Unauthorized command: %s" % ' '.join(userargs)
-    sys.exit(RC_UNAUTHORIZED)
+    try:
+        filtermatch = wrapper.match_filter(filters, userargs,
+                                           exec_dirs=exec_dirs)
+        if filtermatch:
+            obj = subprocess.Popen(filtermatch.get_command(userargs,
+                                                      exec_dirs=exec_dirs),
+                                   stdin=sys.stdin,
+                                   stdout=sys.stdout,
+                                   stderr=sys.stderr,
+                                   preexec_fn=_subprocess_setup,
+                                   env=filtermatch.get_environment(userargs))
+            obj.wait()
+            sys.exit(obj.returncode)
+
+    except wrapper.FilterMatchNotExecutable as exc:
+        print "Executable not found: %s" % exc.match.exec_path
+        sys.exit(RC_NOEXECFOUND)
+
+    except wrapper.NoFilterMatched:
+        print "Unauthorized command: %s" % ' '.join(userargs)
+        sys.exit(RC_UNAUTHORIZED)
-- 
cgit