From 9703e14cbe1581fb35872d4797248b5cbf60df38 Mon Sep 17 00:00:00 2001 From: Chuck Short Date: Mon, 22 Oct 2018 11:56:35 -0400 Subject: [PATCH] Remove scstadmin from rootwrap Use oslo.privsep for scstadmin and remove it from etc/cinder/rootwrap.d/volume.filters. Change-Id: I55c8d40ee082a32fa51c893845a0b0aa4dad1492 Signed-off-by: Chuck Short --- cinder/privsep/targets/__init__.py | 0 cinder/privsep/targets/scst.py | 28 +++++++++++++++++++ cinder/tests/unit/targets/test_scst_driver.py | 6 ++-- cinder/volume/targets/scst.py | 4 +-- etc/cinder/rootwrap.d/volume.filters | 1 - 5 files changed, 33 insertions(+), 6 deletions(-) create mode 100644 cinder/privsep/targets/__init__.py create mode 100644 cinder/privsep/targets/scst.py diff --git a/cinder/privsep/targets/__init__.py b/cinder/privsep/targets/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/cinder/privsep/targets/scst.py b/cinder/privsep/targets/scst.py new file mode 100644 index 00000000000..1634a1eca33 --- /dev/null +++ b/cinder/privsep/targets/scst.py @@ -0,0 +1,28 @@ +# Copyright 2018 Red Hat, Inc +# Copyright 2017 Rackspace Australia +# Copyright 2018 Michael Still and Aptira +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +""" +Helpers for scst related routines. +""" + +from oslo_concurrency import processutils + +import cinder.privsep + + +@cinder.privsep.sys_admin_pctxt.entrypoint +def run_scstadmin(*args): + return processutils.execute('scstadmin', *args) diff --git a/cinder/tests/unit/targets/test_scst_driver.py b/cinder/tests/unit/targets/test_scst_driver.py index c45a56a0b94..067b0d5f37f 100644 --- a/cinder/tests/unit/targets/test_scst_driver.py +++ b/cinder/tests/unit/targets/test_scst_driver.py @@ -83,9 +83,9 @@ class TestSCSTAdmDriver(tf.TargetDriverFixture): 'iqn.2010-10.org.openstack:' 'volume-ed2c2222-5fc0-11e4-aa15-123b93f75cba')) - @mock.patch.object(utils, 'execute') - def test_target_attribute(self, mock_execute): - mock_execute.return_value = (self.fake_iscsi_attribute_scan, None) + @mock.patch('cinder.privsep.targets.scst.run_scstadmin') + def test_target_attribute(self, mock_privsep): + mock_privsep.return_value = (self.fake_iscsi_attribute_scan, None) self.assertEqual(str(1), self.target._target_attribute( 'iqn.2010-10.org.openstack:' 'volume-ed2c2222-5fc0-11e4-aa15-123b93f75cba')) diff --git a/cinder/volume/targets/scst.py b/cinder/volume/targets/scst.py index 6292cc2f78e..8b3fd8991a2 100644 --- a/cinder/volume/targets/scst.py +++ b/cinder/volume/targets/scst.py @@ -15,7 +15,7 @@ from oslo_log import log as logging from cinder import exception from cinder.i18n import _ -from cinder import utils +import cinder.privsep.targets.scst from cinder.volume.targets import iscsi from cinder.volume import utils as vutils @@ -37,7 +37,7 @@ class SCSTAdm(iscsi.ISCSITarget): self.remove_initiator_iqn = None def scst_execute(self, *args): - return utils.execute('scstadmin', *args, run_as_root=True) + return cinder.privsep.targets.scst.run_scstadmin(*args) def validate_connector(self, connector): # iSCSI drivers require the initiator information diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters index e851f66a53f..42fbb7e58a5 100644 --- a/etc/cinder/rootwrap.d/volume.filters +++ b/etc/cinder/rootwrap.d/volume.filters @@ -8,7 +8,6 @@ tgtadm: CommandFilter, tgtadm, root iscsictl: CommandFilter, iscsictl, root tgt-admin: CommandFilter, tgt-admin, root cinder-rtstool: CommandFilter, cinder-rtstool, root -scstadmin: CommandFilter, scstadmin, root # LVM related show commands pvs: EnvFilter, env, root, LC_ALL=C, pvs