author | Michael Still <mikal@stillhq.com> | 2017-09-27 07:00:37 +1000 |
---|---|---|
committer | Michael Still <mikal@stillhq.com> | 2017-10-26 07:16:09 +1100 |
commit | 3c7a72c213e38f2defa240865eb3b359ca555b2a (patch) | |
tree | 63542d98bda798e9d77454cf6592863903bcdf82 | |
parent | bbb1a72257a3c6b8e4be193d7fb49a0b310908b3 (diff) | |
Move blkid calls to privsep.
The same pattern as before.
Change-Id: If9aaca8dd9c9a82378807bbc5d2c157e719dab4d
blueprint: hurrah-for-privsep
-rw-r--r-- | etc/nova/rootwrap.d/compute.filters | 3 | ||||
-rw-r--r-- | nova/privsep/fs.py | 6 | ||||
-rw-r--r-- | nova/tests/unit/virt/disk/vfs/test_localfs.py | 12 | ||||
-rw-r--r-- | nova/virt/disk/vfs/localfs.py | 8 | ||||
-rw-r--r-- | releasenotes/notes/privsep-queens-rootwrap-adds-907aa1bc8e3eb2ca.yaml | 7 |
5 files changed, 16 insertions, 20 deletions
diff --git a/etc/nova/rootwrap.d/compute.filters b/etc/nova/rootwrap.d/compute.filters
index 3d733acba0..a2fc4754fa 100644
--- a/etc/nova/rootwrap.d/compute.filters
+++ b/etc/nova/rootwrap.d/compute.filters
@@ -6,9 +6,6 @@
 # nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path
 tune2fs: CommandFilter, tune2fs, root
-# nova/virt/disk/vfs/localfs.py: 'blkid', '-o', 'value', '-s', 'TYPE', device
-blkid: CommandFilter, blkid, root
-
 # nova/virt/libvirt/utils.py: 'blockdev', '--getsize64', path
 # nova/virt/disk/mount/nbd.py: 'blockdev', '--flushbufs', device
 blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.*
diff --git a/nova/privsep/fs.py b/nova/privsep/fs.py
index 89fdcf6c9a..e637a05e3d 100644
--- a/nova/privsep/fs.py
+++ b/nova/privsep/fs.py
@@ -117,3 +117,9 @@ def create_device_maps(device):
 @nova.privsep.sys_admin_pctxt.entrypoint
 def remove_device_maps(device):
 return processutils.execute('kpartx', '-d', device)
+
+
+@nova.privsep.sys_admin_pctxt.entrypoint
+def get_filesystem_type(device):
+ return processutils.execute('blkid', '-o', 'value', '-s', 'TYPE', device,
+ check_exit_code=[0, 2])
diff --git a/nova/tests/unit/virt/disk/vfs/test_localfs.py b/nova/tests/unit/virt/disk/vfs/test_localfs.py
index 365ce18c41..8ea7d641a7 100644
--- a/nova/tests/unit/virt/disk/vfs/test_localfs.py
+++ b/nova/tests/unit/virt/disk/vfs/test_localfs.py
@@ -167,8 +167,9 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
 uid=getpwnam.return_value.pw_uid,
 gid=getgrnam.return_value.gr_gid)
- @mock.patch.object(nova.utils, 'execute')
- def test_get_format_fs(self, execute):
+ @mock.patch('nova.privsep.fs.get_filesystem_type',
+ return_value=('ext3\n', ''))
+ def test_get_format_fs(self, mock_type):
 vfs = vfsimpl.VFSLocalFS(self.rawfile)
 vfs.setup = mock.MagicMock()
 vfs.teardown = mock.MagicMock()
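Review bot: `get_filesystem_type` in nova/privsep/fs.py passes `device` to `blkid` exactly as received while running under `sys_admin_pctxt`, so the privileged side of the privsep boundary accepts any string the caller supplies. The removed blkid `CommandFilter` did not restrict arguments either, so this is not a regression, but the `blockdev` filter in the same filters file pins its path to `/dev/.*`, and the entrypoint is now the natural place for an equivalent check, e.g. `if not device.startswith('/dev/'): raise ValueError(device)`, assuming every caller passes a /dev path as the one visible caller appears to. The function also returns the raw `(stdout, stderr)` tuple and tolerates exit code 2, which the name does not suggest. A one-line docstring such as `"""Run blkid on device; return (stdout, stderr). Exit code 2 is accepted, so stdout may be empty."""` would record that.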
@@ -187,17 +188,12 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
 vfs.setup.side_effect = fake_setup
 vfs.teardown.side_effect = fake_teardown
- execute.return_value = ('ext3\n', '')
 vfs.setup()
 self.assertEqual('ext3', vfs.get_image_fs())
 vfs.teardown()
 vfs.mount.get_dev.assert_called_once_with()
- execute.assert_called_once_with('blkid', '-o',
- 'value', '-s',
- 'TYPE', '/dev/xyz',
- run_as_root=True,
- check_exit_code=[0, 2])
+ mock_type.assert_called_once_with('/dev/xyz')
 @mock.patch.object(tempfile, 'mkdtemp')
 @mock.patch.object(nbd, 'NbdMount')
diff --git a/nova/virt/disk/vfs/localfs.py b/nova/virt/disk/vfs/localfs.py
index d1125a1e5b..3095f88dd0 100644
--- a/nova/virt/disk/vfs/localfs.py
+++ b/nova/virt/disk/vfs/localfs.py
@@ -23,8 +23,8 @@ from oslo_utils import excutils
 from nova import exception
 from nova.i18n import _
+import nova.privsep.fs
 import nova.privsep.path
-from nova import utils
 from nova.virt.disk.mount import api as mount_api
 from nova.virt.disk.vfs import api as vfs
@@ -142,10 +142,6 @@ class VFSLocalFS(vfs.VFS):
 def get_image_fs(self):
 if self.mount.device or self.mount.get_dev():
- out, err = utils.execute('blkid', '-o',
- 'value', '-s',
- 'TYPE', self.mount.device,
- run_as_root=True,
- check_exit_code=[0, 2])
+ out, err = nova.privsep.fs.get_filesystem_type(self.mount.device)
 return out.strip()
 return ""
diff --git a/releasenotes/notes/privsep-queens-rootwrap-adds-907aa1bc8e3eb2ca.yaml b/releasenotes/notes/privsep-queens-rootwrap-adds-907aa1bc8e3eb2ca.yaml
index 4f59f1c431..49db6d4736 100644
--- a/releasenotes/notes/privsep-queens-rootwrap-adds-907aa1bc8e3eb2ca.yaml
+++ b/releasenotes/notes/privsep-queens-rootwrap-adds-907aa1bc8e3eb2ca.yaml
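Review bot: With `get_filesystem_type` mocked out, nothing in this test file still checks the blkid argument list or `check_exit_code=[0, 2]`; the `execute.assert_called_once_with(...)` removed in this hunk was the only assertion on them, and they now live in nova/privsep/fs.py. A small unit test for the privsep function that patches `processutils.execute` and asserts it was called with `'blkid', '-o', 'value', '-s', 'TYPE', device, check_exit_code=[0, 2]` would keep the privileged command line pinned; no such test is visible in this commit. The `return_value=('ext3\n', '')` mock added in the previous hunk of this file covers only the success path, so the empty-output case that exit code 2 allows stays untested. The test method begins in the previous hunk and is only partly visible here.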
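Review bot: In `get_image_fs`, `err` is unpacked from `nova.privsep.fs.get_filesystem_type(...)` and never read, and the empty string that `out.strip()` yields when blkid reports no type is indistinguishable from the final `return ""` for a missing device. Consider `out, _err = nova.privsep.fs.get_filesystem_type(self.mount.device)` with a comment above it such as `# blkid may exit 2 with no output; callers then see ''`. Whether any caller needs to tell the two cases apart cannot be seen from this hunk.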
@@ -10,6 +10,7 @@ upgrade:
 internal functionality using privsep.
 - |
 The following commands are no longer required to be listed in your rootwrap
- configuration: cat; chown; cryptsetup; dd; kpartx; losetup; lvcreate;
- lvremove; lvs; mkdir; mount; nova-idmapshift; ploop; prl_disk_tool;
- qemu-nbd; readlink; shred; tee; touch; umount; vgs; and xend.
+ configuration: blkid; cat; chown; cryptsetup; dd; kpartx; losetup;
+ lvcreate; lvremove; lvs; mkdir; mount; nova-idmapshift; ploop;
+ prl_disk_tool; qemu-nbd; readlink; shred; tee; touch; umount; vgs;
+ and xend. |