The rootwrap filter for cat is very narrowly defined: dhcp.filters:cat: RegExpFilter, /bin/cat, root, cat, /proc/\d+/cmdline
The DHCP agent was silently passing None through because failing to cat the cmdline was logically equivalent to looking for a non-exists pid. We could update the active() check to short-circuit when the pid is None. mark On Nov 8, 2012, at 12:07 PM, Gary Kotton <[email protected]> wrote: > Hi, > When running devstack I got this one: > > 2012-11-08 18:47:49 4753 DEBUG quantum.agent.linux.utils [-] Running command: > sudo /opt/stack/quantum/bin/quantum-rootwrap /etc/quantum/rootwrap.conf cat > /proc/None/cmdline execute /opt/stack/quantum/quantum/agent/linux/utils.py:41 > 2012-11-08 18:47:49 4753 DEBUG quantum.agent.linux.utils [-] > Command: ['sudo', '/opt/stack/quantum/bin/quantum-rootwrap', > '/etc/quantum/rootwrap.conf', 'cat', '/proc/None/cmdline'] > Exit code: 99 > Stdout: 'Unauthorized command: cat /proc/None/cmdline\n' > > Thanks > Gary > > -- > Mailing list: https://launchpad.net/~quantum-core > Post to : [email protected] > Unsubscribe : https://launchpad.net/~quantum-core > More help : https://help.launchpad.net/ListHelp -- Mailing list: https://launchpad.net/~quantum-core Post to : [email protected] Unsubscribe : https://launchpad.net/~quantum-core More help : https://help.launchpad.net/ListHelp
