Skip to content

Commit

Permalink
Call iptables without absolute path.
Browse files Browse the repository at this point in the history 
Fixes bug 1069966

rootwrap expects the command name is not absolute. We need to call
the command without path to make rootwrap work well.

Change-Id: I6120103908d10ca257d177a320294de06a89c646
  • Loading branch information
@amotoki
amotoki committed Oct 24, 2012
1 parent a5c1c89 commit 84d60f5
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 25 deletions.
2 changes: 1 addition & 1 deletion quantum/agent/linux/iptables_manager.py
View file
Expand Up @@ -269,7 +269,7 @@ def apply(self):
rules. This happens atomically, thanks to iptables-restore.
"""
s = [('/sbin/iptables', self.ipv4)]
s = [('iptables', self.ipv4)]
if self.use_ipv6:
s += [('ip6tables', self.ipv6)]

Expand Down
48 changes: 24 additions & 24 deletions quantum/tests/unit/test_iptables_manager.py
View file
Expand Up @@ -44,7 +44,7 @@ def test_binary_name(self):

def test_add_and_remove_chain(self):
bn = iptables_manager.binary_name
self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')

nat_dump = (':%s-OUTPUT - [0:0]\n:%s-snat - [0:0]\n:%s-PREROUTING -'
Expand All @@ -56,7 +56,7 @@ def test_add_and_remove_chain(self):
'%s-snat -j %s-float-snat\n' % (bn, bn, bn, bn, bn, bn,
bn, bn, bn, bn, bn))

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT'
' - [0:0]\n:%s-local - [0:0]\n:%s-filter - [0:'
'0]\n:%s-OUTPUT - [0:0]\n:quantum-filter-top -'
Expand All @@ -67,17 +67,17 @@ def test_add_and_remove_chain(self):
'\n' % (bn, bn, bn, bn, bn, bn, bn, bn, bn)
), root_helper=self.root_helper).AndReturn(None)

self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=nat_dump,
root_helper=self.root_helper).AndReturn(None)

self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT'
' - [0:0]\n:%s-local - [0:0]\n:%s-OUTPUT - [0:'
'0]\n:quantum-filter-top - [0:0]\n-A FORWARD -'
Expand All @@ -88,10 +88,10 @@ def test_add_and_remove_chain(self):
bn, bn, bn, bn)), root_helper=self.root_helper
).AndReturn(None)

self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=nat_dump,
root_helper=self.root_helper).AndReturn(None)

Expand All @@ -107,7 +107,7 @@ def test_add_and_remove_chain(self):

def test_add_filter_rule(self):
bn = iptables_manager.binary_name
self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')

nat_dump = (':%s-OUTPUT - [0:0]\n:%s-snat - [0:0]\n:%s-PREROUTING -'
Expand All @@ -119,7 +119,7 @@ def test_add_filter_rule(self):
'%s-snat -j %s-float-snat\n' % (bn, bn, bn, bn, bn, bn,
bn, bn, bn, bn, bn))

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT'
' - [0:0]\n:%s-local - [0:0]\n:%s-filter - [0:'
'0]\n:%s-OUTPUT - [0:0]\n:quantum-filter-top -'
Expand All @@ -132,17 +132,17 @@ def test_add_filter_rule(self):
bn, bn, bn, bn, bn, bn, bn, bn)),
root_helper=self.root_helper).AndReturn(None)

self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=nat_dump,
root_helper=self.root_helper).AndReturn(None)

self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT -'
' [0:0]\n:%s-local - [0:0]\n:%s-OUTPUT - [0:0]\n'
':quantum-filter-top - [0:0]\n-A FORWARD -j quan'
Expand All @@ -153,10 +153,10 @@ def test_add_filter_rule(self):
bn)), root_helper=self.root_helper
).AndReturn(None)

self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=nat_dump,
root_helper=self.root_helper).AndReturn(None)

Expand Down Expand Up @@ -192,17 +192,17 @@ def test_add_nat_rule(self):
'ORWARD -j %s-FORWARD\n' % (bn, bn, bn, bn, bn,
bn, bn, bn))

self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=filter_dump,
root_helper=self.root_helper).AndReturn(None)

self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=(':%s-float-snat - [0:0]\n:%s-POS'
'TROUTING - [0:0]\n:%s-PREROUTING - [0:0]\n:%s-'
'nat - [0:0]\n:%s-OUTPUT - [0:0]\n:%s-snat - [0'
Expand All @@ -217,17 +217,17 @@ def test_add_nat_rule(self):
bn, bn, bn, bn, bn, bn, bn, bn, bn, bn, bn)),
root_helper=self.root_helper).AndReturn(None)

self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'],
self.iptables.execute(['iptables-save', '-t', 'filter'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=filter_dump,
root_helper=self.root_helper).AndReturn(None)

self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'],
self.iptables.execute(['iptables-save', '-t', 'nat'],
root_helper=self.root_helper).AndReturn('')

self.iptables.execute(['/sbin/iptables-restore'],
self.iptables.execute(['iptables-restore'],
process_input=(':%s-float-snat - [0:0]\n:%s-POST'
'ROUTING - [0:0]\n:%s-PREROUTING - [0:0]\n:%s-OU'
'TPUT - [0:0]\n:%s-snat - [0:0]\n:quantum-postro'
Expand Down

0 comments on commit 84d60f5

Please sign in to comment.