password injection with localfs.py fails

Bug #1098077 reported by Arata Notsu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Low
Arata Notsu

Bug Description

In injecting password with localfs, VFSLocalFS.read_file() trys to read "$mountpoint/etc/passwd" and "$mountpoint/etc/shadow" using execute('cat', file_path, run_as_root=True). But it fails since the default rootwrap configs have no filter for such 'cat'.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/19365

Changed in nova:
assignee: nobody → Arata Notsu (arata776)
status: New → In Progress
Arata Notsu (arata776)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/19365
Committed: http://github.com/openstack/nova/commit/72da6199d233d7bd434e019a2d1b7275804eda3e
Submitter: Jenkins
Branch: master

commit 72da6199d233d7bd434e019a2d1b7275804eda3e
Author: Arata Notsu <email address hidden>
Date: Fri Jan 11 18:04:45 2013 +0900

    Add rootwrap filters for password injection with localfs

    Allow to 'sudo cat' to read passwd and shadow.

    bug 1098077

    Change-Id: Ic734bd33223df879b5e1f144bb4c85702eb88dfa

Changed in nova:
status: In Progress → Fix Committed
tags: added: folsom-backport-potential
Changed in nova:
importance: Undecided → Low
Thierry Carrez (ttx)
Changed in nova:
milestone: none → grizzly-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: grizzly-3 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.