List: vdsm-devel
Subject: [vdsm] Running commands that requires root permissions in before_vm_start hook
From: ItzikB () mellanox ! com (Itzik Brown)
Date: 2012-05-22 6:34:35
Message-ID: 4488206DC085244C886DBC9E7038B68925186573 () mtrdag02 ! mtl ! com
Dan,
You are right - it's my mistake :-)
Anyway, the documentation for running the scripts which need root permissions can be found here:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/3.0/html/Administration_Guide/ch16s02.html
Itzik
-----Original Message-----
From: Dan Kenigsberg [mailto:danken at redhat.com]
Sent: Tuesday, 22 May 2012 01:28
To: Andrew Cathrow
Cc: Itzik Brown; vdsm-devel at lists.fedorahosted.org
Subject: Re: [vdsm] Running commands that requires root permissions in before_vm_start hook
On Mon, May 21, 2012 at 09:24:53AM -0400, Andrew Cathrow wrote:
>
>
> ----- Original Message -----
> > From: "Itzik Brown" <ItzikB at mellanox.com>
> > To: vdsm-devel at lists.fedorahosted.org
> > Sent: Monday, May 21, 2012 9:07:10 AM
> > Subject: [vdsm] Running commands that requires root permissions in
> > before_vm_start hook
> >
> > Hi,
> >
> > I'm trying to run the following script in before_vm_start hook:
> >
> > #!/usr/bin/python
> > import subprocess
> >
> > args = ['brctl', 'addbr', 'net10']
> > print("Running command: " + " ".join(args))
> > p = subprocess.Popen(args, stdout=subprocess.PIPE)
> >
> > I get the following error:
> > add bridge failed: Operation not permitted
> >
> > From Red Hat Enterprise Virtualization 3.0 Documentation:
> > "Before VDSM is started on the hypervisor host. before_vdsm_start
> > hooks are executed as the user root, and do not inherit the
> > environment of the VDSM process."
> >
> > As I understand it there should be no problem if user root executes
> > this script.
> > When giving the vdsm user the right sudo permissions and adding sudo
> > to the command - it works.
> >
> > Is the documentation wrong or am I missing something?
>
> I think it's a docs issue - IIRC everything should run as VDSM and sudo for
> privileged commands, with your RPM for the hook including additions for sudoers if
> required for new commands.
Actually, Itzik is missing something. Two letters to be exact. ;-) before_vdsm_start
runs as root, but before_vm_start runs as vdsm, as all normal hooks.
You can take a look at example hooks (e.g. hostusb) and how they configure sudo to
run commands as root.
http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=tree;f=vdsm_hooks/hostusb
Dan.
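
Added example (not part of the original thread, and not code from VDSM or its hostusb hook): since before_vm_start runs as vdsm, the bridge command from the question goes through sudo, with a sudoers rule limited to that exact command line rather than to brctl in general. The sudoers file name and the /usr/sbin/brctl path are assumptions for illustration.

```python
#!/usr/bin/python3
"""Sketch of a before_vm_start hook. It runs as the vdsm user, so the
privileged step goes through sudo. Assumed sudoers drop-in shipped with
the hook (file name and brctl path are assumptions, not from the thread;
the Defaults line matters only where sudoers sets requiretty):

    # /etc/sudoers.d/50_vdsm_hook_net10
    Defaults:vdsm !requiretty
    vdsm ALL=(root) NOPASSWD: /usr/sbin/brctl addbr net10
"""
import re
import subprocess
import sys

BRCTL = "/usr/sbin/brctl"  # assumed path; must match the sudoers rule exactly
# Interface names: at most 15 characters, and no leading '-' that brctl
# could read as an option.
BRIDGE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,14}")


def build_command(bridge):
    """Return the sudo argv that creates `bridge`; raise ValueError if unsafe."""
    if not BRIDGE_RE.fullmatch(bridge):
        raise ValueError("invalid bridge name: %r" % (bridge,))
    # -n: never prompt. A hook has no terminal, so a missing sudoers rule
    # should fail immediately instead of waiting for a password.
    return ["sudo", "-n", BRCTL, "addbr", bridge]


def add_bridge(bridge, run=subprocess.run):
    """Run the command without a shell; return (ok, stderr_text)."""
    proc = run(build_command(bridge), stdout=subprocess.PIPE,
               stderr=subprocess.PIPE, universal_newlines=True)
    return proc.returncode == 0, proc.stderr.strip()


if __name__ == "__main__":
    ok, err = add_bridge("net10")
    if not ok:
        sys.stderr.write("brctl addbr failed: %s\n" % err)
        sys.exit(1)
```

Because the sudoers rule names the full command line, any other brctl invocation by the vdsm user is still refused by sudo.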