Permalink
Browse files

Call iptables without absolute path.

Fixes bug 1069966

rootwrap expects the command name is not absolute. We need to call
the command without path to make rootwrap work well.

Change-Id: I6120103908d10ca257d177a320294de06a89c646
  • Loading branch information...
1 parent 4946d4b commit 425e942fa28667f57282044f653a73c7fa60cfff @amotoki amotoki committed with Gary Kotton Oct 24, 2012
Showing with 25 additions and 25 deletions.
  1. +1 −1 quantum/agent/linux/iptables_manager.py
  2. +24 −24 quantum/tests/unit/test_iptables_manager.py
@@ -269,7 +269,7 @@ def apply(self):
rules. This happens atomically, thanks to iptables-restore.
"""
- s = [('/sbin/iptables', self.ipv4)]
+ s = [('iptables', self.ipv4)]
if self.use_ipv6:
s += [('ip6tables', self.ipv6)]
@@ -44,7 +44,7 @@ def test_binary_name(self):
def test_add_and_remove_chain(self):
bn = iptables_manager.binary_name
- self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
+ self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')
nat_dump = (':%s-OUTPUT - [0:0]\n:%s-snat - [0:0]\n:%s-PREROUTING -'
@@ -56,7 +56,7 @@ def test_add_and_remove_chain(self):
'%s-snat -j %s-float-snat\n' % (bn, bn, bn, bn, bn, bn,
bn, bn, bn, bn, bn))
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT'
' - [0:0]\n:%s-local - [0:0]\n:%s-filter - [0:'
'0]\n:%s-OUTPUT - [0:0]\n:quantum-filter-top -'
@@ -67,17 +67,17 @@ def test_add_and_remove_chain(self):
'\n' % (bn, bn, bn, bn, bn, bn, bn, bn, bn)
), root_helper=self.root_helper).AndReturn(None)
- self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
+ self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=nat_dump,
root_helper=self.root_helper).AndReturn(None)
- self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
+ self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT'
' - [0:0]\n:%s-local - [0:0]\n:%s-OUTPUT - [0:'
'0]\n:quantum-filter-top - [0:0]\n-A FORWARD -'
@@ -88,10 +88,10 @@ def test_add_and_remove_chain(self):
bn, bn, bn, bn)), root_helper=self.root_helper
).AndReturn(None)
- self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
+ self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=nat_dump,
root_helper=self.root_helper).AndReturn(None)
@@ -107,7 +107,7 @@ def test_add_and_remove_chain(self):
def test_add_filter_rule(self):
bn = iptables_manager.binary_name
- self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
+ self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')
nat_dump = (':%s-OUTPUT - [0:0]\n:%s-snat - [0:0]\n:%s-PREROUTING -'
@@ -119,7 +119,7 @@ def test_add_filter_rule(self):
'%s-snat -j %s-float-snat\n' % (bn, bn, bn, bn, bn, bn,
bn, bn, bn, bn, bn))
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT'
' - [0:0]\n:%s-local - [0:0]\n:%s-filter - [0:'
'0]\n:%s-OUTPUT - [0:0]\n:quantum-filter-top -'
@@ -132,17 +132,17 @@ def test_add_filter_rule(self):
bn, bn, bn, bn, bn, bn, bn, bn)),
root_helper=self.root_helper).AndReturn(None)
- self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
+ self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=nat_dump,
root_helper=self.root_helper).AndReturn(None)
- self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
+ self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT -'
' [0:0]\n:%s-local - [0:0]\n:%s-OUTPUT - [0:0]\n'
':quantum-filter-top - [0:0]\n-A FORWARD -j quan'
@@ -153,10 +153,10 @@ def test_add_filter_rule(self):
bn)), root_helper=self.root_helper
).AndReturn(None)
- self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
+ self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=nat_dump,
root_helper=self.root_helper).AndReturn(None)
@@ -192,17 +192,17 @@ def test_add_nat_rule(self):
'ORWARD -j %s-FORWARD\n' % (bn, bn, bn, bn, bn,
bn, bn, bn))
- self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
+ self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=filter_dump,
root_helper=self.root_helper).AndReturn(None)
- self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
+ self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=(':%s-float-snat - [0:0]\n:%s-POS'
'TROUTING - [0:0]\n:%s-PREROUTING - [0:0]\n:%s-'
'nat - [0:0]\n:%s-OUTPUT - [0:0]\n:%s-snat - [0'
@@ -217,17 +217,17 @@ def test_add_nat_rule(self):
bn, bn, bn, bn, bn, bn, bn, bn, bn, bn, bn)),
root_helper=self.root_helper).AndReturn(None)
- self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
+ self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=filter_dump,
root_helper=self.root_helper).AndReturn(None)
- self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
+ self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')
- self.iptables.execute(['/sbin/iptables-restore'],
+ self.iptables.execute(['iptables-restore'],
process_input=(':%s-float-snat - [0:0]\n:%s-POST'
'ROUTING - [0:0]\n:%s-PREROUTING - [0:0]\n:%s-OU'
'TPUT - [0:0]\n:%s-snat - [0:0]\n:quantum-postro'

0 comments on commit 425e942

Please sign in to comment.