On Fri, Oct 05, 2012 at 03:55:41AM +0200, Michael Hanselmann wrote:
> Some paths, such as /bin or /usr/lib, should not be used for file
> storage. This patch implements a check during cluster verification
> to show a warning in case such a path has been used.
> ---
>  lib/backend.py                 |    6 +++
>  lib/cmdlib.py                  |   74 
> ++++++++++++++++++++++++++++++++++++++++
>  lib/constants.py               |    4 ++
>  test/ganeti.cmdlib_unittest.py |   20 +++++++++++
>  4 files changed, 104 insertions(+), 0 deletions(-)
> 
> diff --git a/lib/backend.py b/lib/backend.py
> index 4a87fdb..a4e7c9a 100644
> --- a/lib/backend.py
> +++ b/lib/backend.py
> @@ -797,6 +797,12 @@ def VerifyNode(what, cluster_name):
>      result[constants.NV_BRIDGES] = [bridge
>                                      for bridge in what[constants.NV_BRIDGES]
>                                      if not utils.BridgeExists(bridge)]
> +
> +  if what.get(constants.NV_FILE_STORAGE_PATHS) == my_name:
> +    result[constants.NV_FILE_STORAGE_PATHS] = \
> +      (pathutils.FILE_STORAGE_PATHS_FILE,
> +       bdev.LoadAllowedFileStoragePaths(pathutils.FILE_STORAGE_PATHS_FILE))
> +
>    return result
>  
>  
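Review bot: The `what.get(constants.NV_FILE_STORAGE_PATHS) == my_name` condition in the added block needs a comment explaining why only the node named in the request loads and reports the paths. As written, every other node returns no `NV_FILE_STORAGE_PATHS` entry at all, so the caller has to distinguish "key missing because this node was not asked" from "node asked but returned nothing"; state that contract here or in the VerifyNode docstring. The result is also a bare 2-tuple of (file name, loaded paths), and its layout should be documented next to the constant so the consumer in cmdlib does not have to guess the order.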
> diff --git a/lib/cmdlib.py b/lib/cmdlib.py
> index 5e6d5e9..aee786a 100644
> --- a/lib/cmdlib.py
> +++ b/lib/cmdlib.py
> @@ -1783,6 +1783,48 @@ def _VerifyCertificate(filename):
>    raise errors.ProgrammerError("Unhandled certificate error code %r" % 
> errcode)
>  
>  
> +def _GetFileStorageWarningPaths():
> +  """Builds a list of path prefixes which shouldn't be used for file storage.
> +
> +  """
> +  paths = set([
> +    "/boot",
> +    "/dev",
> +    "/etc",
> +    "/home",
> +    "/proc",
> +    "/root",
> +    "/sys",
> +    ])
> +
> +  for prefix in ["", "/usr", "/usr/local"]:
> +    paths.update(map(lambda s: "%s/%s" % (prefix, s),
> +                     ["bin", "lib", "lib32", "lib64", "sbin"]))
> +
> +  return frozenset(map(os.path.normpath, paths))
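Review bot: The docstring of `_GetFileStorageWarningPaths` does not say what is returned; add an `@rtype: frozenset` line and state that the entries are normalized path prefixes, so callers know they are expected to do a prefix match rather than an equality test. Since the set is static, it could also be computed once rather than rebuilt on every call, and the `map(lambda s: "%s/%s" % (prefix, s), ...)` would read more easily as a generator expression. Note that `os.path.normpath` is purely lexical, so a configured path that reaches one of these directories through a symlink will not be caught by comparing against this set; worth a sentence in the docstring.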

Having this in cmdlib.py means that backend (per patch 6/8) will accept
all paths in there.

I'm wondering whether backend itself shouldn't filter out "deemed
unsafe" paths, rather than just cluster verify. The return tuple out of
the node verify rpc could be (good paths, bad paths) instead of just the
paths, but otherwise the verification wouldn't be much different.

iustin
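
A sketch of the (good paths, bad paths) split suggested in the reply above, as an added example that is not Ganeti code and not part of the original thread. The prefix list is taken from the quoted hunk; the names `build_warning_prefixes`, `is_under` and `split_storage_paths` are hypothetical, and the sample paths in the comments are constructed.

```python
import posixpath


def build_warning_prefixes():
    """Prefix set as built by the quoted _GetFileStorageWarningPaths hunk."""
    paths = {"/boot", "/dev", "/etc", "/home", "/proc", "/root", "/sys"}
    for prefix in ["", "/usr", "/usr/local"]:
        paths.update("%s/%s" % (prefix, s)
                     for s in ["bin", "lib", "lib32", "lib64", "sbin"])
    return frozenset(posixpath.normpath(p) for p in paths)


def is_under(path, prefix):
    """True if path equals prefix or lies below it.

    Matching is done on component boundaries, so "/binaries" is not
    treated as being under "/bin".
    """
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def split_storage_paths(candidates, prefixes=None):
    """Return (good, bad) lists of the configured paths (hypothetical helper)."""
    if prefixes is None:
        prefixes = build_warning_prefixes()
    good, bad = [], []
    for raw in candidates:
        norm = posixpath.normpath(raw)
        # POSIX normpath keeps exactly two leading slashes ("//etc"),
        # which would otherwise slip past the prefix comparison.
        if norm.startswith("//"):
            norm = "/" + norm.lstrip("/")
        # Relative paths cannot be compared with absolute prefixes, so they
        # are rejected. The check is lexical only: symlinks are not resolved.
        if not posixpath.isabs(norm) or any(is_under(norm, p) for p in prefixes):
            bad.append(raw)
        else:
            good.append(raw)
    return good, bad
```
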
