OpenStack Compute (nova)

chown commands failing (no rootwrap filter)

Bug #1716718 reported by Eric Berglund on 2017-09-12

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Medium	Michael Still

Bug Description

Description
============
https://review.openstack.org/#/c/471972/31/etc/nova/rootwrap.d/compute.filters

The above changed removed the chown rootwrap filter. However the temporary_chown method in nova.utils is still calling execute('chown',...) which is failing. This needs to be converted to use the new nova.privsep.dac_admin chown method.

Environment
===========
Openstack version: master

Tags:

Revision history for this message

Michael Still (mikal) wrote on 2017-09-12:

This affects xen in tree, and at least powervm out of tree. https://review.openstack.org/#/c/503079/ is the fix.

Changed in nova:
status:	New → Triaged
status:	Triaged → In Progress
importance:	Undecided → Medium
assignee:	nobody → Michael Still (mikal)
tags:	added: powervm xenserver

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-13: Fix merged to nova (master)

Reviewed: https://review.openstack.org/503079
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=39c2cceb75265ddf67822ca40d2d69d2e27e3a91
Submitter: Jenkins
Branch: master

commit 39c2cceb75265ddf67822ca40d2d69d2e27e3a91
Author: Michael Still <email address hidden>
Date: Wed Sep 13 03:07:36 2017 +1000

Fix missed chown call

When privsep'ing chown calls, this one was missed. Fix that.

    I think this entire method should go away, but it will break at least
    one of out tree driver. I'm talking to the powervm guys about a way
    forward there.

Change-Id: I8a9bda36728896e60b13c32afda0a7130664cb7b
Closes-Bug: #1716718