openstack/nova
Code Issues Proposed changes

Move blkid calls to privsep.

Browse Source 
The same pattern as before.

Change-Id: If9aaca8dd9c9a82378807bbc5d2c157e719dab4d
blueprint: hurrah-for-privsep
This commit is contained in:
Michael Still 2017-09-27 07:00:37 +10:00
parent bbb1a72257
commit 3c7a72c213
5 changed files with 16 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc/nova/rootwrap.d/compute.filters
View File

@ -6,9 +6,6 @@
# nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path
tune2fs: CommandFilter, tune2fs, root
# nova/virt/disk/vfs/localfs.py: 'blkid', '-o', 'value', '-s', 'TYPE', device
blkid: CommandFilter, blkid, root
# nova/virt/libvirt/utils.py: 'blockdev', '--getsize64', path
# nova/virt/disk/mount/nbd.py: 'blockdev', '--flushbufs', device
blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.*

6
nova/privsep/fs.py
View File

@ -117,3 +117,9 @@ def create_device_maps(device):
@nova.privsep.sys_admin_pctxt.entrypoint
def remove_device_maps(device):
return processutils.execute('kpartx', '-d', device)
@nova.privsep.sys_admin_pctxt.entrypoint
def get_filesystem_type(device):
return processutils.execute('blkid', '-o', 'value', '-s', 'TYPE', device,
check_exit_code=[0, 2])

12
nova/tests/unit/virt/disk/vfs/test_localfs.py
View File

@ -167,8 +167,9 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
uid=getpwnam.return_value.pw_uid,
gid=getgrnam.return_value.gr_gid)
@mock.patch.object(nova.utils, 'execute')
def test_get_format_fs(self, execute):
@mock.patch('nova.privsep.fs.get_filesystem_type',
return_value=('ext3\n', ''))
def test_get_format_fs(self, mock_type):
vfs = vfsimpl.VFSLocalFS(self.rawfile)
vfs.setup = mock.MagicMock()
vfs.teardown = mock.MagicMock()
@ -187,17 +188,12 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
vfs.setup.side_effect = fake_setup
vfs.teardown.side_effect = fake_teardown
execute.return_value = ('ext3\n', '')
vfs.setup()
self.assertEqual('ext3', vfs.get_image_fs())
vfs.teardown()
vfs.mount.get_dev.assert_called_once_with()
execute.assert_called_once_with('blkid', '-o',
'value', '-s',
'TYPE', '/dev/xyz',
run_as_root=True,
check_exit_code=[0, 2])
mock_type.assert_called_once_with('/dev/xyz')
@mock.patch.object(tempfile, 'mkdtemp')
@mock.patch.object(nbd, 'NbdMount')

8
nova/virt/disk/vfs/localfs.py
View File

@ -23,8 +23,8 @@ from oslo_utils import excutils
from nova import exception
from nova.i18n import _
import nova.privsep.fs
import nova.privsep.path
from nova import utils
from nova.virt.disk.mount import api as mount_api
from nova.virt.disk.vfs import api as vfs
@ -142,10 +142,6 @@ class VFSLocalFS(vfs.VFS):
def get_image_fs(self):
if self.mount.device or self.mount.get_dev():
out, err = utils.execute('blkid', '-o',
'value', '-s',
'TYPE', self.mount.device,
run_as_root=True,
check_exit_code=[0, 2])
out, err = nova.privsep.fs.get_filesystem_type(self.mount.device)
return out.strip()
return ""

7
releasenotes/notes/privsep-queens-rootwrap-adds-907aa1bc8e3eb2ca.yaml
View File

@ -10,6 +10,7 @@ upgrade:
internal functionality using privsep.
- |
The following commands are no longer required to be listed in your rootwrap
configuration: cat; chown; cryptsetup; dd; kpartx; losetup; lvcreate;
lvremove; lvs; mkdir; mount; nova-idmapshift; ploop; prl_disk_tool;
qemu-nbd; readlink; shred; tee; touch; umount; vgs; and xend.
configuration: blkid; cat; chown; cryptsetup; dd; kpartx; losetup;
lvcreate; lvremove; lvs; mkdir; mount; nova-idmapshift; ploop;
prl_disk_tool; qemu-nbd; readlink; shred; tee; touch; umount; vgs;
and xend.