From 8afbaa1c80d54d7f6591f8f2c1a26c34f60c77e1 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Wed, 13 May 2015 20:53:08 -0400 Subject: [PATCH] Support for running Nova with oslo.rootwrap daemon Nova is being enhanced to use rootwrap as a daemon. For this effort, we need an additional entry for nova-rootwrap-daemon in the sudoers.d/ directory. Needed by: I57dc2efa39b86fa1fa20730ad70d056e87617c96 Change-Id: I80c7b9dd8e9e0f940aa4e54a95b241dfc40d3574 --- inc/rootwrap | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/inc/rootwrap b/inc/rootwrap index 411e5f7b73..f91e557e68 100644 --- a/inc/rootwrap +++ b/inc/rootwrap @@ -59,12 +59,16 @@ function configure_rootwrap { sudo install -o root -g root -m 644 $rootwrap_conf_src_dir/rootwrap.conf /etc/${project}/rootwrap.conf sudo sed -e "s:^filters_path=.*$:filters_path=/etc/${project}/rootwrap.d:" -i /etc/${project}/rootwrap.conf - # Specify rootwrap.conf as first parameter to rootwrap - rootwrap_sudo_cmd="$rootwrap_bin /etc/${project}/rootwrap.conf *" - # Set up the rootwrap sudoers local tempfile=$(mktemp) + # Specify rootwrap.conf as first parameter to rootwrap + rootwrap_sudo_cmd="${rootwrap_bin} /etc/${project}/rootwrap.conf *" echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >$tempfile + if [ -f ${bin_dir}/${project}-rootwrap-daemon ]; then + # rootwrap daemon does not need any parameters + rootwrap_sudo_cmd="${rootwrap_bin}-daemon /etc/${project}/rootwrap.conf" + echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >>$tempfile + fi chmod 0440 $tempfile sudo chown root:root $tempfile sudo mv $tempfile /etc/sudoers.d/${project}-rootwrap