From 2c44cfa2db0cd1a5ba6c02581b34136d7ee5d4fb Mon Sep 17 00:00:00 2001 From: Daniel Gollub Date: Wed, 19 Feb 2014 07:41:24 +0100 Subject: [PATCH] Restrict rootwrap find filter for IBM NAS and GPFS Additional make the name of the filter unique, so it does not override any other rule. Like the find rule of the NetAppNFS driver. Rootwrap is making use of plain python ConfigParser which handles INI files with key=value pair like fashion. Where the key is unique. Related-Bug: 1250101 Change-Id: I56a96084dc736e73e3e9533803f65956699891a0 --- etc/cinder/rootwrap.d/volume.filters | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters index fe7a28946..e4259332f 100644 --- a/etc/cinder/rootwrap.d/volume.filters +++ b/etc/cinder/rootwrap.d/volume.filters @@ -85,7 +85,7 @@ systool: CommandFilter, systool, root # cinder/volume/drivers/block_device.py blockdev: CommandFilter, blockdev, root -# cinder/volume/drivers/gpfs.py +# cinder/volume/drivers/ibm/gpfs.py mv: CommandFilter, mv, root mmgetstate: CommandFilter, /usr/lpp/mmfs/bin/mmgetstate, root mmclone: CommandFilter, /usr/lpp/mmfs/bin/mmclone, root @@ -94,9 +94,12 @@ mmchattr: CommandFilter, /usr/lpp/mmfs/bin/mmchattr, root mmlsconfig: CommandFilter, /usr/lpp/mmfs/bin/mmlsconfig, root mmlsfs: CommandFilter, /usr/lpp/mmfs/bin/mmlsfs, root mmlspool: CommandFilter, /usr/lpp/mmfs/bin/mmlspool, root -find: CommandFilter, find, root mkfs: CommandFilter, mkfs, root +# cinder/volume/drivers/ibm/gpfs.py +# cinder/volume/drivers/ibm/ibmnas.py +find_maxdepth_inum: RegExpFilter, find, root, find, ^[/]*([^/\0]+(/+)?)*$, -maxdepth, \d+, -inum, \d+ + # cinder/brick/initiator/connector.py: aoe-revalidate: CommandFilter, aoe-revalidate, root aoe-discover: CommandFilter, aoe-discover, root -- 2.45.2