Dan,
You are right - it's my mistake :-)

Anyway, the documentation for running the scripts which needs root permissions 
can be found here:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/3.0/html/Administration_Guide/ch16s02.html

Itzik

-----Original Message-----
From: Dan Kenigsberg [mailto:dan...@redhat.com] 
Sent: יום ג 22 מאי 2012 01:28
To: Andrew Cathrow
Cc: Itzik Brown; vdsm-devel@lists.fedorahosted.org
Subject: Re: [vdsm] Running commands that requires root permissions in 
before_vm_start hook

On Mon, May 21, 2012 at 09:24:53AM -0400, Andrew Cathrow wrote:
> 
> 
> ----- Original Message -----
> > From: "Itzik Brown" <itz...@mellanox.com>
> > To: vdsm-devel@lists.fedorahosted.org
> > Sent: Monday, May 21, 2012 9:07:10 AM
> > Subject: [vdsm] Running commands that requires root permissions in 
> > before_vm_start hook
> > 
> > Hi,
> > 
> > I'm trying to run the following script in before_vm_start hook:
> > 
> > #!/usr/bin/python
> > import subprocess
> > 
> > args = ['brctl', 'addbr', 'net10']
> > print("Running command: " + " ".join(args)) p = 
> > subprocess.Popen(args, stdout=subprocess.PIPE)
> > 
> > I get the following error:
> > add bridge failed: Operation not permitted
> > 
> > From Red Hat Enterprise Virtualization 3.0 Documentation"
> > "Before VDSM is started on the hypervisor host. before_vdsm_start 
> > hooks are executed as the user root, and do not inherit the 
> > environment of the VDSM process."
> > 
> > As I understand it there should be no problem if user root executes 
> > this script.
> > When giving the vdsm user the right sudo permissions and adding sudo 
> > to the command - it works.
> > 
> > Is the documentation wrong or am I missing something?
> 
> I think it's a docs issue - IIRC everything should run as VDSM and sudo for 
> privileged commands, with your RPM for the hook including additions for 
> sudoers if required for new commands.

Actually, Itzik is missing something. Two letters to be exact. ;-) 
before_vdsm_start runs as root, but before_vm_start runs as vdsm, as all normal 
hooks.

You can take a look at example hooks (e.g. hostusb) and how they configure sudo 
to run commands as root.
http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=tree;f=vdsm_hooks/hostusb

Dan.
_______________________________________________
vdsm-devel mailing list
vdsm-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/vdsm-devel

Reply via email to