From 65e233133e801439caaa8265b0de68c70a04ccd2 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya <vishvananda@gmail.com>
Date: Fri, 3 Feb 2012 15:29:00 -0800
Subject: Allows nova to read files as root

 * Adds a rootwrap filter to limit readable files
 * Adds a utils method to read a file as root
 * adds tests to verify the additions work

Change-Id: Ic1ffb6f72f9b73795d5f39fac719842e6bdf16dd
---
 nova/utils.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'nova/utils.py')

diff --git a/nova/utils.py b/nova/utils.py
index 72e1cd3e0..452646d4d 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -1412,3 +1412,12 @@ def generate_mac_address():
            random.randint(0x00, 0xff),
            random.randint(0x00, 0xff)]
     return ':'.join(map(lambda x: "%02x" % x, mac))
+
+
+def read_file_as_root(file_path):
+    """Secure helper to read file as root."""
+    try:
+        out, _err = execute('cat', file_path, run_as_root=True)
+        return out
+    except exception.ProcessExecutionError:
+        raise exception.FileNotFound(file_path=file_path)
-- 
cgit