Don't attempt to escalate cinder-manage privileges

Remove code which allowed cinder-manage to attempt to escalate
privileges so that configuration files can be read by users who
normally wouldn't have access, but do have sudo access.

Change-Id: Ibdfe5dfbe27856689408987f62d145dfd380fb90
Closes-Bug: 1611171
This commit is contained in:
pallavi 2016-09-17 16:28:24 +05:30 committed by Pallavi
parent 205a850276
commit a2839788e4
1 changed files with 3 additions and 11 deletions

View File

@ -700,17 +700,9 @@ def main():
except cfg.ConfigDirNotFoundError as details:
print(_("Invalid directory: %s") % details)
sys.exit(2)
except cfg.ConfigFilesNotFoundError:
cfgfile = CONF.config_file[-1] if CONF.config_file else None
if cfgfile and not os.access(cfgfile, os.R_OK):
st = os.stat(cfgfile)
print(_("Could not read %s. Re-running with sudo") % cfgfile)
try:
os.execvp('sudo', ['sudo', '-u', '#%s' % st.st_uid] + sys.argv)
except Exception:
print(_('sudo failed, continuing as if nothing happened'))
print(_('Please re-run cinder-manage as root.'))
except cfg.ConfigFilesNotFoundError as e:
cfg_files = e.config_files
print(_("Failed to read configuration file(s): %s") % cfg_files)
sys.exit(2)
fn = CONF.category.action_fn