Previous topic

The nova.rootwrap.compute Module

Next topic

The nova.rootwrap.network Module

This Page

Psst... hey. You're reading the latest content, but it might be out of sync with code. You can read Nova 2011.2 docs or all OpenStack docs too.

The nova.rootwrap.filters Module

class CommandFilter(exec_path, run_as, *args)

Bases: object

Command filter only checking that the 1st argument matches exec_path

get_command(userargs)

Returns command to execute (with sudo -u if run_as != root).

get_environment(userargs)

Returns specific environment to set, None if none

match(userargs)

Only check that the first argument (command) matches exec_path

class DnsmasqFilter(exec_path, run_as, *args)

Bases: nova.rootwrap.filters.CommandFilter

Specific filter for the dnsmasq call (which includes env)

get_command(userargs)
get_environment(userargs)
match(userargs)
class KillFilter(exec_path, run_as, *args)

Bases: nova.rootwrap.filters.CommandFilter

Specific filter for the kill calls. 1st argument is a list of accepted signals (emptystring means no signal) 2nd argument is a list of accepted affected executables.

This filter relies on /proc to accurately determine affected executable, so it will only work on procfs-capable systems (not OSX).

match(userargs)
class ReadFileFilter(file_path, *args)

Bases: nova.rootwrap.filters.CommandFilter

Specific filter for the utils.read_file_as_root call

match(userargs)
class RegExpFilter(exec_path, run_as, *args)

Bases: nova.rootwrap.filters.CommandFilter

Command filter doing regexp matching for every argument

match(userargs)