def setUp(self): super(RootwrapTestCase, self).setUp() self.filters = [ filters.RegExpFilter("/bin/ls", "root", 'ls', '/[a-z]+'), filters.CommandFilter("/usr/bin/foo_bar_not_exist", "root"), filters.RegExpFilter("/bin/cat", "root", 'cat', '/[a-z]+'), filters.CommandFilter("/nonexistent/cat", "root"), filters.CommandFilter("/bin/cat", "root") # Keep this one last ]
def test_exec_dirs_search(self): # This test supposes you have /bin/cat or /usr/bin/cat locally f = filters.CommandFilter("cat", "root") usercmd = ['cat', '/f'] self.assertTrue(f.match(usercmd)) self.assertTrue( f.get_command(usercmd, exec_dirs=['/bin', '/usr/bin']) in ( ['/bin/cat', '/f'], ['/usr/bin/cat', '/f']))
# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'.. # nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',.. # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',.. # nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev) # nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1] # nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge # nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', .. # nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',.. # nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ... # nova/network/linux_net.py: 'ip', 'link', 'set', interface, "address",.. # nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up' # nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up' # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, .. # nova/network/linux_net.py: 'ip', 'link', 'set', dev, "address", .. # nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up' filters.CommandFilter("/sbin/ip", "root"), # nova/network/linux_net.py: 'ip[6]tables-save' % (cmd,), '-t', ... filters.CommandFilter("/sbin/iptables-save", "root"), filters.CommandFilter("/sbin/ip6tables-save", "root"), # nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,) filters.CommandFilter("/sbin/iptables-restore", "root"), filters.CommandFilter("/sbin/ip6tables-restore", "root"), # nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ... # nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],.. filters.CommandFilter("/usr/bin/arping", "root"), # nova/network/linux_net.py: 'route', '-n' # nova/network/linux_net.py: 'route', 'del', 'default', 'gw'
# not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from nova.rootwrap import filters filterlist = [ # nova/volume/iscsi.py: iscsi_helper '--op' ... filters.CommandFilter("/usr/sbin/ietadm", "root"), filters.CommandFilter("/usr/sbin/tgtadm", "root"), # nova/volume/driver.py: 'vgs', '--noheadings', '-o', 'name' filters.CommandFilter("/sbin/vgs", "root"), # nova/volume/driver.py: 'lvcreate', '-L', sizestr, '-n', volume_name,.. # nova/volume/driver.py: 'lvcreate', '-L', ... filters.CommandFilter("/sbin/lvcreate", "root"), # nova/volume/driver.py: 'dd', 'if=%s' % srcstr, 'of=%s' % deststr,... filters.CommandFilter("/bin/dd", "root"), # nova/volume/driver.py: 'lvremove', '-f', "%s/%s" % ... filters.CommandFilter("/sbin/lvremove", "root"),
# not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from nova.rootwrap import filters filterlist = [ # This line was patched by Puppet filters.CommandFilter("/usr/bin/virsh", "root"), # nova/virt/disk/mount.py: 'kpartx', '-a', device # nova/virt/disk/mount.py: 'kpartx', '-d', device filters.CommandFilter("/sbin/kpartx", "root"), # nova/virt/disk/mount.py: 'tune2fs', '-c', 0, '-i', 0, mapped_device # nova/virt/xenapi/vm_utils.py: "tune2fs", "-O ^has_journal", part_path # nova/virt/xenapi/vm_utils.py: "tune2fs", "-j", partition_path filters.CommandFilter("/sbin/tune2fs", "root"), # nova/virt/disk/mount.py: 'mount', mapped_device, mount_dir # nova/virt/xenapi/vm_utils.py: 'mount', '-t', 'ext2,ext3,ext4,reiserfs'.. filters.CommandFilter("/bin/mount", "root"), # nova/virt/disk/mount.py: 'umount', mapped_device # nova/virt/xenapi/vm_utils.py: 'umount', dev_path