| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
The various filters either asserted or incorrectly
assumed that an empty arglist matched the filter.
Add testcases to avoid regressions.
Change-Id: If90fbad3d54749ecc645071675402ea2613870a2
|
|
|
|
|
|
|
| |
In locked down environments, PATH might be unavailable
when running rootwrap.
Change-Id: Ia55514a7d69ab26c2bcf5d1839da1d36aaf46ebc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These filters have been implemented in Quantum before:
- IpFilter provides support for filtering ip commands
- IpNetnsExecFilter is a chaining command filter that
verifies that the command to be executed by ip netns exec
is covered by other established filters.
IpNetnsExecFilter has been restricted to ensure that the
filter chains have all matching filters run as the same
user.
EnvFilter is a new filter derived from CommandFilter
that allows a Command to be optionally prefixed by "env"
and a specific list of environment variables.
This is intended to replace the specific DnsmasqFilter
and DnsmasqNetnsFilter in the future when all consumers
have been updated.
Implements bp rootwrap-quantum-features
Change-Id: I0cf39967126e99a8dc53d21bee824a0fe2f63aa0
|
|
|
|
|
|
|
|
|
|
|
|
| |
KillFilter currently expects an absolute path
to be specified for the process name to kill. This
is inconvenient when the exact location of the running
binary is not known or differs accross installs.
Extend KillFilter to accept also commands in $PATH
to be killed if the given argument is not absolute.
Change-Id: I6b90206b587ff3f949af2c256a78ca21af31867a
|
|
|
|
|
|
| |
H402 one line docstring needs punctuation
Change-Id: Ie848453cace318d8310cdf0234c512f4c1121119
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python's readlink() implementation doesn't stop at '\0' when reading
file path. Thus after dnsmasq upgrade, it may return something like
'/usr/sbin/dnsmasq\03453 (deleted)', while C's or Shell's readlink()
return '/usr/sbin/dnsmasq'. This patch fixes this problem by cutting
the readlink() results with '\0', so that KillFilter could get correct
path.
Bug 1179793
Change-Id: I7354941e0508e019c8c9b63b87ad39f52ccb51ca
|
|
|
|
|
|
|
|
|
|
| |
PathFilter is a type of filter that allows to check
if path arguments of a command resolve to file system
paths within given directories.
Fixes bug 1098568.
Change-Id: Ie2686ad2ff114075c6d8d804031b6e3fa60a43ca
|
|
|
|
|
|
| |
One code change, rest are in headers
Change-Id: I73f59681358629e1ad74e49d3d3ca13fcb5c2eb1
|
|
|
|
|
|
|
|
| |
BaseTestCase properly hooks stubout into fixtures. Just use that.
Part of blueprint grizzly-testtools.
Change-Id: I4bf6b92b9b16d051d8c6ecaf52cf70925848ed8c
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On the path to testr migration, we need to replace the unittest base classes
with testtools.
Replace tearDown with addCleanup, addCleanup is more resilient than tearDown.
The fixtures library has excellent support for managing and cleaning
tempfiles. Use it.
Replace skip_ with testtools.skipTest
Part of blueprint grizzly-testtools.
Change-Id: I45e11bbb1ff9b31f3278d3b016737dcb7850cd98
|
|
Copies current nova-rootwrap code to openstack.common, so that it
can be reused by Cinder and Quantum.
Implements blueprint common-rootwrap.
Before it can be used in projects, update.py needs to grow the
capability to deploy files in bin/ and etc/, as well as replacing
a placeholder text by the destination project name in source files
and binary names.
In this proposed version, the placeholder text is "oslo".
Change-Id: I8655d5b3cccacd1cc2225aa539339fb478615422
|