nova-common 2012.1-0ubuntu2 / usr / bin / nova-rootwrap

This file is indexed.

/usr/bin/nova-rootwrap is in nova-common 2012.1-0ubuntu2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/usr/bin/python
# vim: tabstop=4 shiftwidth=4 softtabstop=4

# Copyright (c) 2011 Openstack, LLC.
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

"""Root wrapper for Nova

   Uses modules in nova.rootwrap containing filters for commands
   that nova is allowed to run as another user.

   To switch to using this, you should:
   * Set "--root_helper=sudo nova-rootwrap" in nova.conf
   * Allow nova to run nova-rootwrap as root in nova_sudoers:
     nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap
     (all other commands can be removed from this file)

   To make allowed commands node-specific, your packaging should only
   install nova/rootwrap/{compute,network,volume}.py respectively on
   compute, network and volume nodes (i.e. nova-api nodes should not
   have any of those files installed).
"""

import os
import subprocess
import sys


RC_UNAUTHORIZED = 99
RC_NOCOMMAND = 98

if __name__ == '__main__':
    # Split arguments, require at least a command
    execname = sys.argv.pop(0)
    if len(sys.argv) == 0:
        print "%s: %s" % (execname, "No command specified")
        sys.exit(RC_NOCOMMAND)

    userargs = sys.argv[:]

    # Add ../ to sys.path to allow running from branch
    possible_topdir = os.path.normpath(os.path.join(os.path.abspath(execname),
                                                    os.pardir, os.pardir))
    if os.path.exists(os.path.join(possible_topdir, "nova", "__init__.py")):
        sys.path.insert(0, possible_topdir)

    from nova.rootwrap import wrapper

    # Execute command if it matches any of the loaded filters
    filters = wrapper.load_filters()
    filtermatch = wrapper.match_filter(filters, userargs)
    if filtermatch:
        obj = subprocess.Popen(filtermatch.get_command(userargs),
                               stdin=sys.stdin,
                               stdout=sys.stdout,
                               stderr=sys.stderr,
                               env=filtermatch.get_environment(userargs))
        obj.wait()
        sys.exit(obj.returncode)

    print "Unauthorized command: %s" % ' '.join(userargs)
    sys.exit(RC_UNAUTHORIZED)

APT Browse - Built by Thomas Orozco.