From: Akihiro MOTOKI Date: Wed, 24 Oct 2012 13:14:06 +0000 (+0900) Subject: Call iptables without absolute path. X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=84d60f5fd477237bd856b97b9970dd796b10647e;p=openstack-build%2Fneutron-build.git Call iptables without absolute path. Fixes bug 1069966 rootwrap expects the command name is not absolute. We need to call the command without path to make rootwrap work well. Change-Id: I6120103908d10ca257d177a320294de06a89c646 --- diff --git a/quantum/agent/linux/iptables_manager.py b/quantum/agent/linux/iptables_manager.py index dd2e2fe51..83b4d8af2 100755 --- a/quantum/agent/linux/iptables_manager.py +++ b/quantum/agent/linux/iptables_manager.py @@ -269,7 +269,7 @@ class IptablesManager(object): rules. This happens atomically, thanks to iptables-restore. """ - s = [('/sbin/iptables', self.ipv4)] + s = [('iptables', self.ipv4)] if self.use_ipv6: s += [('ip6tables', self.ipv6)] diff --git a/quantum/tests/unit/test_iptables_manager.py b/quantum/tests/unit/test_iptables_manager.py index 6f81fea09..2d3e0b166 100644 --- a/quantum/tests/unit/test_iptables_manager.py +++ b/quantum/tests/unit/test_iptables_manager.py @@ -44,7 +44,7 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): def test_add_and_remove_chain(self): bn = iptables_manager.binary_name - self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'], + self.iptables.execute(['iptables-save', '-t', 'filter'], root_helper=self.root_helper).AndReturn('') nat_dump = (':%s-OUTPUT - [0:0]\n:%s-snat - [0:0]\n:%s-PREROUTING -' @@ -56,7 +56,7 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): '%s-snat -j %s-float-snat\n' % (bn, bn, bn, bn, bn, bn, bn, bn, bn, bn, bn)) - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT' ' - [0:0]\n:%s-local - [0:0]\n:%s-filter - [0:' '0]\n:%s-OUTPUT - [0:0]\n:quantum-filter-top -' @@ -67,17 +67,17 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): '\n' % (bn, bn, bn, bn, bn, bn, bn, bn, bn) ), root_helper=self.root_helper).AndReturn(None) - self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'], + self.iptables.execute(['iptables-save', '-t', 'nat'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=nat_dump, root_helper=self.root_helper).AndReturn(None) - self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'], + self.iptables.execute(['iptables-save', '-t', 'filter'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT' ' - [0:0]\n:%s-local - [0:0]\n:%s-OUTPUT - [0:' '0]\n:quantum-filter-top - [0:0]\n-A FORWARD -' @@ -88,10 +88,10 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): bn, bn, bn, bn)), root_helper=self.root_helper ).AndReturn(None) - self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'], + self.iptables.execute(['iptables-save', '-t', 'nat'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=nat_dump, root_helper=self.root_helper).AndReturn(None) @@ -107,7 +107,7 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): def test_add_filter_rule(self): bn = iptables_manager.binary_name - self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'], + self.iptables.execute(['iptables-save', '-t', 'filter'], root_helper=self.root_helper).AndReturn('') nat_dump = (':%s-OUTPUT - [0:0]\n:%s-snat - [0:0]\n:%s-PREROUTING -' @@ -119,7 +119,7 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): '%s-snat -j %s-float-snat\n' % (bn, bn, bn, bn, bn, bn, bn, bn, bn, bn, bn)) - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT' ' - [0:0]\n:%s-local - [0:0]\n:%s-filter - [0:' '0]\n:%s-OUTPUT - [0:0]\n:quantum-filter-top -' @@ -132,17 +132,17 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): bn, bn, bn, bn, bn, bn, bn, bn)), root_helper=self.root_helper).AndReturn(None) - self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'], + self.iptables.execute(['iptables-save', '-t', 'nat'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=nat_dump, root_helper=self.root_helper).AndReturn(None) - self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'], + self.iptables.execute(['iptables-save', '-t', 'filter'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=(':%s-FORWARD - [0:0]\n:%s-INPUT -' ' [0:0]\n:%s-local - [0:0]\n:%s-OUTPUT - [0:0]\n' ':quantum-filter-top - [0:0]\n-A FORWARD -j quan' @@ -153,10 +153,10 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): bn)), root_helper=self.root_helper ).AndReturn(None) - self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'], + self.iptables.execute(['iptables-save', '-t', 'nat'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=nat_dump, root_helper=self.root_helper).AndReturn(None) @@ -192,17 +192,17 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): 'ORWARD -j %s-FORWARD\n' % (bn, bn, bn, bn, bn, bn, bn, bn)) - self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'], + self.iptables.execute(['iptables-save', '-t', 'filter'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=filter_dump, root_helper=self.root_helper).AndReturn(None) - self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'], + self.iptables.execute(['iptables-save', '-t', 'nat'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=(':%s-float-snat - [0:0]\n:%s-POS' 'TROUTING - [0:0]\n:%s-PREROUTING - [0:0]\n:%s-' 'nat - [0:0]\n:%s-OUTPUT - [0:0]\n:%s-snat - [0' @@ -217,17 +217,17 @@ class IptablesManagerStateFulTestCase(unittest.TestCase): bn, bn, bn, bn, bn, bn, bn, bn, bn, bn, bn)), root_helper=self.root_helper).AndReturn(None) - self.iptables.execute(['/sbin/iptables-save', '-t', 'filter'], + self.iptables.execute(['iptables-save', '-t', 'filter'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=filter_dump, root_helper=self.root_helper).AndReturn(None) - self.iptables.execute(['/sbin/iptables-save', '-t', 'nat'], + self.iptables.execute(['iptables-save', '-t', 'nat'], root_helper=self.root_helper).AndReturn('') - self.iptables.execute(['/sbin/iptables-restore'], + self.iptables.execute(['iptables-restore'], process_input=(':%s-float-snat - [0:0]\n:%s-POST' 'ROUTING - [0:0]\n:%s-PREROUTING - [0:0]\n:%s-OU' 'TPUT - [0:0]\n:%s-snat - [0:0]\n:quantum-postro'