oslo.rootwrap

Bug #1822668
Activity log

Activity log for bug #1822668

Date	Who	What changed	Old value	New value	Message
2019-04-01 18:33:27	Deepak Tiwari	bug			added bug
2019-04-01 18:39:30	Deepak Tiwari	description	If a regex is required to have a comma ',' also, as part of rootwrap regex filter then it doesn't work. It seems oslo-rootwrap code parses a comma as a parameter separator. Using a '\' as escape doesn't work either.... ubuntu@u1604:~$ cat /etc/taas/rootwrap.d/taas.filter [Filters] i40e_sysfs_command: RegExpFilter, i40e_sysfs_command, root, i40e_sysfs_command, (?i)(add\|rem), ([0-9]+(-[0-9]+)?)(,([0-9])+(-[0-9]+)?), (\/home\/ubuntu\/sys\/class\/net\/.?\/device\/sriov\/[0-9]+\/(vlan\|egress\|ingress)_mirror) ubuntu@u1604:~$ i40e.wrap i40e_sysfs_command add 0-4095 /home/ubuntu/sys/class/net/ensp3s9/device/sriov/99/vlan_mirror + sudo /usr/local/bin/taas-rootwrap /etc/taas/rootwrap.conf i40e_sysfs_command add 0-4095 /home/ubuntu/sys/class/net/ensp3s9/device/sriov/99/vlan_mirror /usr/local/bin/taas-rootwrap: Unauthorized command: i40e_sysfs_command add 0-4095 /home/ubuntu/sys/class/net/ensp3s9/device/sriov/99/vlan_mirror (no filter matched)	If a regex is required to have a comma ',' also, as part of rootwrap regex filter (for ex. [0-9-,]) then it doesn't work. It seems oslo-rootwrap code parses a comma as a parameter separator. Using a '\' as escape doesn't work either.... ubuntu@u1604:~$ cat /etc/taas/rootwrap.d/taas.filter [Filters] i40e_sysfs_command: RegExpFilter, i40e_sysfs_command, root, i40e_sysfs_command, (?i)(add\|rem), [0-9-,], (\/home\/ubuntu\/sys\/class\/net\/.?\/device\/sriov\/[0-9]+\/(vlan\|egress\|ingress)_mirror) ubuntu@u1604:~$ i40e.wrap i40e_sysfs_command add 0-4095 /home/ubuntu/sys/class/net/ensp3s9/device/sriov/99/vlan_mirror + sudo /usr/local/bin/taas-rootwrap /etc/taas/rootwrap.conf i40e_sysfs_command add 0-4095 /home/ubuntu/sys/class/net/ensp3s9/device/sriov/99/vlan_mirror /usr/local/bin/taas-rootwrap: Unauthorized command: i40e_sysfs_command add 0-4095 /home/ubuntu/sys/class/net/ensp3s9/device/sriov/99/vlan_mirror (no filter matched) If comma is removed (for ex. [0-9-]), then it works fine:- ubuntu@u1604:~$ cat /etc/taas/rootwrap.d/taas.filter [Filters] i40e_sysfs_command: RegExpFilter, i40e_sysfs_command, root, i40e_sysfs_command, (?i)(add\|rem), [0-9-], (\/home\/ubuntu\/sys\/class\/net\/.?\/device\/sriov\/[0-9]+\/(vlan\|egress\|ingress)_mirror) ubuntu@u1604:~$ i40e.wrap i40e_sysfs_command add 0-4095 /home/ubuntu/sys/class/net/ensp3s9/device/sriov/99/vlan_mirror + sudo /usr/local/bin/taas-rootwrap /etc/taas/rootwrap.conf i40e_sysfs_command add 0-4095 /home/ubuntu/sys/class/net/ensp3s9/device/sriov/99/vlan_mirror