Move blkid calls to privsep.
The same pattern as before. Change-Id: If9aaca8dd9c9a82378807bbc5d2c157e719dab4d blueprint: hurrah-for-privsep
This commit is contained in:
Michael Still
parent
bbb1a72257
commit
3c7a72c213
@ -6,9 +6,6 @@
|
|||||||
# nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path
|
# nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path
|
||||||
tune2fs: CommandFilter, tune2fs, root
|
tune2fs: CommandFilter, tune2fs, root
|
||||||
|
|
||||||
# nova/virt/disk/vfs/localfs.py: 'blkid', '-o', 'value', '-s', 'TYPE', device
|
|
||||||
blkid: CommandFilter, blkid, root
|
|
||||||
|
|
||||||
# nova/virt/libvirt/utils.py: 'blockdev', '--getsize64', path
|
# nova/virt/libvirt/utils.py: 'blockdev', '--getsize64', path
|
||||||
# nova/virt/disk/mount/nbd.py: 'blockdev', '--flushbufs', device
|
# nova/virt/disk/mount/nbd.py: 'blockdev', '--flushbufs', device
|
||||||
blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.*
|
blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.*
|
||||||
|
|||||||
@ -117,3 +117,9 @@ def create_device_maps(device):
|
|||||||
@nova.privsep.sys_admin_pctxt.entrypoint
|
@nova.privsep.sys_admin_pctxt.entrypoint
|
||||||
def remove_device_maps(device):
|
def remove_device_maps(device):
|
||||||
return processutils.execute('kpartx', '-d', device)
|
return processutils.execute('kpartx', '-d', device)
|
||||||
|
|
||||||
|
|
||||||
|
@nova.privsep.sys_admin_pctxt.entrypoint
|
||||||
|
def get_filesystem_type(device):
|
||||||
|
return processutils.execute('blkid', '-o', 'value', '-s', 'TYPE', device,
|
||||||
|
check_exit_code=[0, 2])
|
||||||
|
|||||||
@ -167,8 +167,9 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
|
|||||||
uid=getpwnam.return_value.pw_uid,
|
uid=getpwnam.return_value.pw_uid,
|
||||||
gid=getgrnam.return_value.gr_gid)
|
gid=getgrnam.return_value.gr_gid)
|
||||||
|
|
||||||
@mock.patch.object(nova.utils, 'execute')
|
@mock.patch('nova.privsep.fs.get_filesystem_type',
|
||||||
def test_get_format_fs(self, execute):
|
return_value=('ext3\n', ''))
|
||||||
|
def test_get_format_fs(self, mock_type):
|
||||||
vfs = vfsimpl.VFSLocalFS(self.rawfile)
|
vfs = vfsimpl.VFSLocalFS(self.rawfile)
|
||||||
vfs.setup = mock.MagicMock()
|
vfs.setup = mock.MagicMock()
|
||||||
vfs.teardown = mock.MagicMock()
|
vfs.teardown = mock.MagicMock()
|
||||||
@ -187,17 +188,12 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
|
|||||||
|
|
||||||
vfs.setup.side_effect = fake_setup
|
vfs.setup.side_effect = fake_setup
|
||||||
vfs.teardown.side_effect = fake_teardown
|
vfs.teardown.side_effect = fake_teardown
|
||||||
execute.return_value = ('ext3\n', '')
|
|
||||||
|
|
||||||
vfs.setup()
|
vfs.setup()
|
||||||
self.assertEqual('ext3', vfs.get_image_fs())
|
self.assertEqual('ext3', vfs.get_image_fs())
|
||||||
vfs.teardown()
|
vfs.teardown()
|
||||||
vfs.mount.get_dev.assert_called_once_with()
|
vfs.mount.get_dev.assert_called_once_with()
|
||||||
execute.assert_called_once_with('blkid', '-o',
|
mock_type.assert_called_once_with('/dev/xyz')
|
||||||
'value', '-s',
|
|
||||||
'TYPE', '/dev/xyz',
|
|
||||||
run_as_root=True,
|
|
||||||
check_exit_code=[0, 2])
|
|
||||||
|
|
||||||
@mock.patch.object(tempfile, 'mkdtemp')
|
@mock.patch.object(tempfile, 'mkdtemp')
|
||||||
@mock.patch.object(nbd, 'NbdMount')
|
@mock.patch.object(nbd, 'NbdMount')
|
||||||
|
|||||||
@ -23,8 +23,8 @@ from oslo_utils import excutils
|
|||||||
|
|
||||||
from nova import exception
|
from nova import exception
|
||||||
from nova.i18n import _
|
from nova.i18n import _
|
||||||
|
import nova.privsep.fs
|
||||||
import nova.privsep.path
|
import nova.privsep.path
|
||||||
from nova import utils
|
|
||||||
from nova.virt.disk.mount import api as mount_api
|
from nova.virt.disk.mount import api as mount_api
|
||||||
from nova.virt.disk.vfs import api as vfs
|
from nova.virt.disk.vfs import api as vfs
|
||||||
|
|
||||||
@ -142,10 +142,6 @@ class VFSLocalFS(vfs.VFS):
|
|||||||
|
|
||||||
def get_image_fs(self):
|
def get_image_fs(self):
|
||||||
if self.mount.device or self.mount.get_dev():
|
if self.mount.device or self.mount.get_dev():
|
||||||
out, err = utils.execute('blkid', '-o',
|
out, err = nova.privsep.fs.get_filesystem_type(self.mount.device)
|
||||||
'value', '-s',
|
|
||||||
'TYPE', self.mount.device,
|
|
||||||
run_as_root=True,
|
|
||||||
check_exit_code=[0, 2])
|
|
||||||
return out.strip()
|
return out.strip()
|
||||||
return ""
|
return ""
|
||||||
|
|||||||
@ -10,6 +10,7 @@ upgrade:
|
|||||||
internal functionality using privsep.
|
internal functionality using privsep.
|
||||||
- |
|
- |
|
||||||
The following commands are no longer required to be listed in your rootwrap
|
The following commands are no longer required to be listed in your rootwrap
|
||||||
configuration: cat; chown; cryptsetup; dd; kpartx; losetup; lvcreate;
|
configuration: blkid; cat; chown; cryptsetup; dd; kpartx; losetup;
|
||||||
lvremove; lvs; mkdir; mount; nova-idmapshift; ploop; prl_disk_tool;
|
lvcreate; lvremove; lvs; mkdir; mount; nova-idmapshift; ploop;
|
||||||
qemu-nbd; readlink; shred; tee; touch; umount; vgs; and xend.
|
prl_disk_tool; qemu-nbd; readlink; shred; tee; touch; umount; vgs;
|
||||||
|
and xend.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user