Remove 'ln' command from rootwrap filter

Remove 'ln' command from rootwrap filter and oslo.privsep.

Change-Id: I78307620d4dd350656c3350aace2069c9929e850
Signed-off-by: Chuck Short <chucks@redhat.com>
This commit is contained in:
Chuck Short 2018-10-18 11:01:28 -04:00
parent d7240f1cab
commit 07180623f5
6 changed files with 19 additions and 11 deletions

View File

@ -37,6 +37,7 @@ from cinder.backup import driver
from cinder import exception from cinder import exception
from cinder.i18n import _ from cinder.i18n import _
from cinder import interface from cinder import interface
import cinder.privsep.path
from cinder import utils from cinder import utils
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -108,9 +109,7 @@ def _make_link(volume_path, backup_path, vol_id):
""" """
try: try:
utils.execute('ln', volume_path, backup_path, cinder.privsep.path.symlink(volume_path, backup_path)
run_as_root=True,
check_exit_code=True)
except processutils.ProcessExecutionError as exc: except processutils.ProcessExecutionError as exc:
err = (_('backup: %(vol_id)s failed to create device hardlink ' err = (_('backup: %(vol_id)s failed to create device hardlink '
'from %(vpath)s to %(bpath)s.\n' 'from %(vpath)s to %(bpath)s.\n'

View File

@ -45,3 +45,10 @@ def touch(path):
os.utime(path, None) os.utime(path, None)
else: else:
open(path, 'a').close() open(path, 'a').close()
@cinder.privsep.sys_admin_pctxt.entrypoint
def symlink(src, dest):
if not os.path.exists(src):
raise exception.FileNotFound(file_path=src)
os.symlink(src, dest)

View File

@ -265,7 +265,8 @@ class BackupTSMTestCase(test.TestCase):
return db.backup_create(self.ctxt, backup)['id'] return db.backup_create(self.ctxt, backup)['id']
@mock.patch.object(tsm.os, 'stat', fake_stat_image) @mock.patch.object(tsm.os, 'stat', fake_stat_image)
def test_backup_image(self): @mock.patch('cinder.privsep.path.symlink')
def test_backup_image(self, mock_symlink):
volume_id = fake.VOLUME_ID volume_id = fake.VOLUME_ID
mode = 'image' mode = 'image'
self._create_volume_db_entry(volume_id) self._create_volume_db_entry(volume_id)
@ -299,7 +300,8 @@ class BackupTSMTestCase(test.TestCase):
self.driver.delete_backup(backup1) self.driver.delete_backup(backup1)
@mock.patch.object(tsm.os, 'stat', fake_stat_file) @mock.patch.object(tsm.os, 'stat', fake_stat_file)
def test_backup_file(self): @mock.patch('cinder.privsep.path.symlink')
def test_backup_file(self, mock_symlink):
volume_id = fake.VOLUME_ID volume_id = fake.VOLUME_ID
mode = 'file' mode = 'file'
self._create_volume_db_entry(volume_id) self._create_volume_db_entry(volume_id)

View File

@ -98,13 +98,15 @@ class VeritasCNFSDriverTestCase(test.TestCase):
volume = fake_volume.fake_volume_obj(self.context, volume = fake_volume.fake_volume_obj(self.context,
provider_location=self._loc) provider_location=self._loc)
snapshot = fake_volume.fake_volume_obj(self.context) snapshot = fake_volume.fake_volume_obj(self.context)
with mock.patch.object(drv, '_execute'): with mock.patch('cinder.privsep.path.symlink'):
m_exists.return_value = True m_exists.return_value = True
drv._do_clone_volume(volume, volume.name, snapshot) drv._do_clone_volume(volume, volume.name, snapshot)
@mock.patch.object(cnfs.VeritasCNFSDriver, '_get_local_volume_path') @mock.patch.object(cnfs.VeritasCNFSDriver, '_get_local_volume_path')
@mock.patch.object(os.path, 'exists') @mock.patch.object(os.path, 'exists')
def test_do_clone_volume_fail(self, m_exists, m_get_local_volume_path): @mock.patch('cinder.privsep.path.symlink')
def test_do_clone_volume_fail(
self, m_symlink, m_exists, m_get_local_volume_path):
"""test _do_clone_volume() when filesnap over nfs is supported""" """test _do_clone_volume() when filesnap over nfs is supported"""
drv = self.driver drv = self.driver
volume = fake_volume.fake_volume_obj(self.context) volume = fake_volume.fake_volume_obj(self.context)

View File

@ -21,6 +21,7 @@ from oslo_utils import excutils
from cinder import exception from cinder import exception
from cinder.i18n import _ from cinder.i18n import _
from cinder import interface from cinder import interface
import cinder.privsep.path
from cinder.volume.drivers import nfs from cinder.volume.drivers import nfs
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -155,7 +156,7 @@ class VeritasCNFSDriver(nfs.NfsDriver):
tgt_vol_path = self._get_local_volume_path(cnfs_share, tgt_vol_name) tgt_vol_path = self._get_local_volume_path(cnfs_share, tgt_vol_name)
src_vol_path = self._get_local_volume_path(cnfs_share, src_vol_name) src_vol_path = self._get_local_volume_path(cnfs_share, src_vol_name)
tgt_vol_path_spl = tgt_vol_path + "::snap:vxfs:" tgt_vol_path_spl = tgt_vol_path + "::snap:vxfs:"
self._execute('ln', src_vol_path, tgt_vol_path_spl, run_as_root=True) cinder.privsep.path.symlink(src_vol_path, tgt_vol_path_spl)
LOG.debug("VeritasNFSDriver: do_clone_volume %(src_vol_path)s " LOG.debug("VeritasNFSDriver: do_clone_volume %(src_vol_path)s "
"%(tgt_vol_path)s %(tgt_vol_path_spl)s", "%(tgt_vol_path)s %(tgt_vol_path_spl)s",
{'src_vol_path': src_vol_path, {'src_vol_path': src_vol_path,

View File

@ -93,9 +93,6 @@ ionice_2: ChainingRegExpFilter, ionice, root, ionice, -c[0-3]
# cinder/volume/utils.py: setup_blkio_cgroup() # cinder/volume/utils.py: setup_blkio_cgroup()
cgexec: ChainingRegExpFilter, cgexec, root, cgexec, -g, blkio:\S+ cgexec: ChainingRegExpFilter, cgexec, root, cgexec, -g, blkio:\S+
# cinder/volume/driver.py
ln: CommandFilter, ln, root
# cinder/image/image_utils.py # cinder/image/image_utils.py
qemu-img: EnvFilter, env, root, LC_ALL=C, qemu-img qemu-img: EnvFilter, env, root, LC_ALL=C, qemu-img
qemu-img_convert: CommandFilter, qemu-img, root qemu-img_convert: CommandFilter, qemu-img, root