Avoid any security issues related to passing an arbitrary binary path to a script running under sudo.
Detect qcow2 images by reading the image file header. It contains the "QFI" string and the qcow version number. The libvirt template is configured to use the qcow2 driver when a qcow2 image is detected. The root partition is altered by attaching it to a host device using qemu-nbd. Since qemu-nbd can be named differently depending on the Linux distribution, it is configurable by mount.conf. Closes #105.
Administrators can revert to the old behavior by setting CREATE_SSH_DIR to false. Closes #96.
Labels are extracted from the partition file name, and are named incrementally: blankpartition0, blankpartition1, etc. A label on the blankspace partition will allow mounting via label instead of device. This makes it easier in fstab where the device of the blankspace partition may not be known a priori. Thanks to Michael Paterson for the feature request and initial patch. Closes #88.
Bash 4.x changes the behavior of "( cmd )" statements under set -e. Previously these commands would not trigger an exit but with 4.x they do. mount-alter.sh relied on the old behavior to ensure that umount is called even if the alter fails. Other commands in the script are checked for success, so we are safe in removing set -e. Closes GH-18.
* Use >> instead of < because the lock file might not exist. * Add || exit $? after the subshell, otherwise any error will not be caught. * Close the file descriptor before starting dhcpd, otherwise the daemon will keep the lock indefinitely.
The locking is being done by dhcp-config.sh which itself calls dhcp-conf-alter.py.
This is just like in the ebtables-config and mount-alter scripts. This was done to address bug 7101, which can cause problems when workspace-control is installed on a shared filesystem.
v# modified: autocommon/src/org/nimbustools/auto_common/confmgr/TransformerIdentity.java vv# modified: docs/src/examples/compact/metadata/vw-logistics.xsd v# modified: docs/src/img/5.png
Conflicts: service/client/java/source/src/org/globus/workspace/cloud/client/util/CumulusTask.java tests/bt-nimbus.sh
Move the lock used by mount-alter.sh to the Nimbus installation. The file is already created with permissions 644. Finally, change the flock call to open the file for reading instead of writing. With these changes, we will be able to share the lock file between root-owned processes and nimbus-owned processes. The write->read part is not mandatory, it's mainly to detect a wrong installation where the lock file would be missing (as mount-alter will not create the file automatically anymore).
…vice or resource busy
We simply need to restrict input filtering to the corresponding VM bridge port, as in the Xen script. Otherwise, in a standard KVM bridge setup, traffic to the VMM physical NIC was subject to the ebtables rules and was dropped. This also allows the ebtables rules to do anti-spoofing between the VMs, so correct the documentation at the beginning of the script.
…the script which is called under sudo; absolute value configuration is still possible but now not required
…only works with one VM at a time and if nothing else is being bridged
Conflicts: control/etc/workspace-control/networks.conf control/etc/workspace-control/sudo.conf