Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
When running commands that require root privileges, the linuxbridge, openvswitch, and ryu agent now prepend the commands with the value of the root_helper config variable. This is set to "sudo" in the plugins' .ini files, allowing the agent to run as a non-root user with appropriate sudo privilidges. If root_helper is changed to "sudo quantum-rootwrap", then the command being run will be filtered against lists of each agent's valid commands in quantum/rootwrap. See http://wiki.openstack.org/Packager/Rootwrap for details. Fixes bug 948467. Change-Id: I549515068a4ce8ae480905ec5eaab6257445d0c3 Signed-off-by: Bob Kukura <rkukura@redhat.com>
- Loading branch information
Bob Kukura
committed
Mar 14, 2012
1 parent
f88a1f7
commit a06b316
Showing
16 changed files
with
508 additions
and
38 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
#!/usr/bin/env python | ||
# vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
|
||
# Copyright (c) 2012 Openstack, LLC. | ||
# All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
# not use this file except in compliance with the License. You may obtain | ||
# a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
# License for the specific language governing permissions and limitations | ||
# under the License. | ||
|
||
"""Root wrapper for Quantum | ||
Uses modules in quantum.rootwrap containing filters for commands | ||
that quantum agents are allowed to run as another user. | ||
To switch to using this, you should: | ||
* Set "--root_helper=sudo quantum-rootwrap" in the agents config file. | ||
* Allow quantum to run quantum-rootwrap as root in quantum_sudoers: | ||
quantum ALL = (root) NOPASSWD: /usr/bin/quantum-rootwrap | ||
(all other commands can be removed from this file) | ||
To make allowed commands node-specific, your packaging should only | ||
install quantum/rootwrap/quantum-*-agent.py on compute nodes where | ||
agents that need root privileges are run. | ||
""" | ||
|
||
import os | ||
import subprocess | ||
import sys | ||
|
||
|
||
RC_UNAUTHORIZED = 99 | ||
RC_NOCOMMAND = 98 | ||
|
||
if __name__ == '__main__': | ||
# Split arguments, require at least a command | ||
execname = sys.argv.pop(0) | ||
if len(sys.argv) == 0: | ||
print "%s: %s" % (execname, "No command specified") | ||
sys.exit(RC_NOCOMMAND) | ||
|
||
userargs = sys.argv[:] | ||
|
||
# Add ../ to sys.path to allow running from branch | ||
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(execname), | ||
os.pardir, os.pardir)) | ||
if os.path.exists(os.path.join(possible_topdir, "quantum", "__init__.py")): | ||
sys.path.insert(0, possible_topdir) | ||
|
||
from quantum.rootwrap import wrapper | ||
|
||
# Execute command if it matches any of the loaded filters | ||
filters = wrapper.load_filters() | ||
filtermatch = wrapper.match_filter(filters, userargs) | ||
if filtermatch: | ||
obj = subprocess.Popen(filtermatch.get_command(userargs), | ||
stdin=sys.stdin, | ||
stdout=sys.stdout, | ||
stderr=sys.stderr, | ||
env=filtermatch.get_environment(userargs)) | ||
obj.wait() | ||
sys.exit(obj.returncode) | ||
|
||
print "Unauthorized command: %s" % ' '.join(userargs) | ||
sys.exit(RC_UNAUTHORIZED) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.