From 65e233133e801439caaa8265b0de68c70a04ccd2 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya
Date: Fri, 3 Feb 2012 15:29:00 -0800
Subject: Allows nova to read files as root
* Adds a rootwrap filter to limit readable files
* Adds a utils method to read a file as root
* adds tests to verify the additions work
Change-Id: Ic1ffb6f72f9b73795d5f39fac719842e6bdf16dd
---
nova/rootwrap/filters.py | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
(limited to 'nova/rootwrap')
diff --git a/nova/rootwrap/filters.py b/nova/rootwrap/filters.py
index d16fc9a57..faaeb11f7 100755
--- a/nova/rootwrap/filters.py
+++ b/nova/rootwrap/filters.py
@@ -123,3 +123,20 @@ class KillFilter(CommandFilter):
 # Incorrect PID
 return False
 return True
+
+
+class ReadFileFilter(CommandFilter):
+ """Specific filter for the utils.read_file_as_root call"""
+
+ def __init__(self, file_path, *args):
+ self.file_path = file_path
+ super(ReadFileFilter, self).__init__("/bin/cat", "root", *args)
+
+ def match(self, userargs):
+ if userargs[0] != 'cat':
+ return False
+ if userargs[1] != self.file_path:
+ return False
+ if len(userargs) != 2:
+ return False
+ return True
-- cgit
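Review bot: In `ReadFileFilter.match`, `userargs[0]` and `userargs[1]` are indexed before the `len(userargs) != 2` check, so an argument list with fewer than two entries raises IndexError instead of returning False; how the rootwrap caller handles that exception is not visible in this hunk. Move the length test to the top of the method, `if len(userargs) != 2: return False`, ahead of the two comparisons. The exact string comparison against `self.file_path` pins the argument text but not what that path resolves to when `/bin/cat` runs as root, so filter definitions should presumably name only files whose parent directories the calling user cannot modify. A sentence in the class docstring stating that expectation would help whoever writes the filter configuration.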