Designate

  1. Bug #1611171
  2. Comment #23

Comment 23 for bug 1611171

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/newton)

Reviewed: https://review.openstack.org/385365
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=28e618921c5bf63b0d7d17fcbe3084fdda153997
Submitter: Jenkins
Branch: stable/newton

commit 28e618921c5bf63b0d7d17fcbe3084fdda153997
Author: Markus Zoeller <email address hidden>
Date: Tue Aug 9 13:55:54 2016 +0200

    Don't attempt to escalate nova-manage privileges

    Remove code which allowed nova-manage to attempt to escalate
    privileges so that configuration files can be read by users who
    normally wouldn't have access, but do have sudo access.

    The privilege escalation came into nova-manage with commit e9fd01e
    to solve bug 805695. That bug report didn't describe a faulty behavior
    but a change request.

    NOTE: This is related to change I03063d2 from Kiall Mac Innes who did
    this for the "designate" project. I'm reusing the change-id from his
    change to make it clear that they are related to each other.

    NOTE: I removed the try-except block completely, as it doesn't make
    sense to continue when we cannot read the config file (due to a wrong
    path or permission errors). That's the same approach we used in the
    recent "nova/cmd/policy_check" module.
    https://github.com/openstack/nova/blob/master/nova/cmd/policy_check.py#L158

    Co-Authored-By: Kiall Mac Innes <email address hidden>
    Closes-Bug: 1611171
    Change-Id: I03063d2af14015e6506f1b6e958f5ff219aa4a87
    (cherry picked from commit 87530b6e674750ab0d55b70cce4d96bf26d1f49a)