From 193d6997276d3efcfaf99e5fcca1354c8c8c4670 Mon Sep 17 00:00:00 2001 From: John Dunning Date: Tue, 14 Aug 2012 14:31:47 -0400 Subject: Update rootwrap; track changes in nova/cinder Fix bug 1037815 Summary: Copy/paste the essential parts of the rootwrap mechanism from nova/cinder into quantum. This includes the core changes to filter.py and wrapper.py which deal with loading filters from files pointed to by rootwrap.conf Detailed changes: Transliterate the old rootwrap/*-agent.py files to new format, and put the results in etc/quantum/rootwrap.d Delete the *-agent.py files. Add conf to point to etc/quantum/rootwrap.d Add a unit test cribbed from nova to exercise the filter mechanism Add a unit test to exercise the actual filtered execution Note that as written, this patch does not set the default execute mechanism (in the agent .ini files) to rootwrap, leaves it as sudo. That can be done in a followon change, or in distro specific packaging. Note also that there is still work to do around finishing and testing the filter specs themselves. We've decided that that is out of scope for this patch. Change-Id: I9aba6adc5ba40b6145be5fa38c5ece3b666ae5ca --- setup.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'setup.py') diff --git a/setup.py b/setup.py index 1a59f0c638..7abb848b84 100644 --- a/setup.py +++ b/setup.py @@ -39,6 +39,7 @@ EagerResources = [ ] ProjectScripts = [ + 'bin/quantum-rootwrap', ] config_path = 'etc/quantum/' @@ -54,6 +55,7 @@ nec_plugin_config_path = 'etc/quantum/plugins/nec' DataFiles = [ (config_path, ['etc/quantum.conf', + 'etc/rootwrap.conf', 'etc/api-paste.ini', 'etc/policy.json', 'etc/dhcp_agent.ini']), -- cgit v1.2.1