openstack/devstack
Code Issues Proposed changes

Always setup rootwrap sudoers entry

Browse Source 
Setup /etc/sudoers.d/nova-rootwrap in all cases, and not just
when devstack is not run as root. Fixes bug 1011652.

Change-Id: Ib4cdeaa282f01cf2ce98119618f232c91b6e8db4
This commit is contained in:
Thierry Carrez 2012-06-11 16:45:29 +02:00
parent a1683aada1
commit d2f8fa3b44
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
AUTHORS
View File

@ -26,6 +26,7 @@ Ken Pepple <ken.pepple@rabbityard.com>
Kiall Mac Innes <kiall@managedit.ie>
Russell Bryant <rbryant@redhat.com>
Scott Moser <smoser@ubuntu.com>
Thierry Carrez <thierry@openstack.org>
Todd Willey <xtoddx@gmail.com>
Tres Henry <tres@treshenry.net>
Vishvananda Ishaya <vishvananda@gmail.com>

14
stack.sh
View File

@ -187,13 +187,6 @@ else
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
# Set up the rootwrap sudoers
TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $NOVA_ROOTWRAP" >$TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap
# Remove old file
sudo rm -f /etc/sudoers.d/stack_sh_nova
fi
@ -1184,6 +1177,13 @@ sudo chown `whoami` $NOVA_CONF_DIR
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
# Set up the rootwrap sudoers
TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $NOVA_ROOTWRAP" >$TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap
if is_service_enabled n-api; then
# Use the sample http middleware configuration supplied in the
# Nova sources. This paste config adds the configuration required