mooli tayer has uploaded a new change for review. Change subject: vdsm-tool: changing root checking in configurator. ......................................................................
vdsm-tool: changing root checking in configurator. Checking for root as we currently do in configure of libvirt and sanlock is not enough. Currently this will fail during the isConfigured() check since it does not have premissions to the files it attempts to check: "OSError: No such file or directory: /etc/libvirt/libvirtd.conf" It is easy to see that this check is needed for all the exposed methods of configurator. I'm suggesting to do it in the exposed verbs in a uniform manner. Change-Id: I52967e30f677e4537b83c2db442963e3eadecb55 Signed-off-by: Mooli Tayer <[email protected]> --- M lib/vdsm/tool/configurator.py 1 file changed, 16 insertions(+), 6 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/93/31293/1 diff --git a/lib/vdsm/tool/configurator.py b/lib/vdsm/tool/configurator.py index 8136613..475fa62 100644 --- a/lib/vdsm/tool/configurator.py +++ b/lib/vdsm/tool/configurator.py @@ -20,6 +20,7 @@ import argparse import errno import filecmp +import functools import grp import os import pwd @@ -105,9 +106,6 @@ return ["vdsmd", "supervdsmd", "libvirtd"] def configure(self): - if os.getuid() != 0: - raise NotRootError() - self._sysvToUpstart() if utils.isOvirtNode(): @@ -607,9 +605,6 @@ """ Configure sanlock process groups """ - if os.getuid() != 0: - raise NotRootError() - rc, out, err = utils.execCmd( ( '/usr/sbin/usermod', @@ -678,13 +673,25 @@ ) +def assertRoot(func): + @functools.wraps(func) + def inner(*args, **kwargs): + if os.getuid() != 0: + raise NotRootError() + func(*args, **kwargs) + return inner + + @expose("configure") +@assertRoot def configure(*args): """ configure [-h|...] Configure external services for vdsm Invoke with -h for complete usage. """ + + args = _parse_args(*args) configurer_to_trigger = [] @@ -726,6 +733,7 @@ @expose("is-configured") +@assertRoot def isconfigured(*args): """ is-configured [-h|...] @@ -763,6 +771,7 @@ @expose("validate-config") +@assertRoot def validate_config(*args): """ validate-config [-h|...] @@ -788,6 +797,7 @@ @expose("remove-config") +@assertRoot def remove_config(*args): """ Remove vdsm configuration from conf files -- To view, visit http://gerrit.ovirt.org/31293 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I52967e30f677e4537b83c2db442963e3eadecb55 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: mooli tayer <[email protected]> _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
