← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #81672

[Bug 1863006] Re: "ping" command should be correctly supported in rootwrap filters

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.opendev.org/707452
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=cc3b9df4268ac339d0b7316595a4148ba4c69836
Submitter: Zuul
Branch:    master

commit cc3b9df4268ac339d0b7316595a4148ba4c69836
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date:   Wed Feb 12 18:56:13 2020 +0000

    "ping"/"ping6" command support in rootwrap filters
    
    To have correct support in rootwrap, "ping"/"ping6" command should
    have the correct filters in rootwrap.
    
    Because "ping" command is harmless, "CommandFilter" is used to allow
    any binary call, regardless of the parameters used and the order.
    
    Nevertheless, this patch also proposes to use "ping"/"ping6" with
    the same parameters and a specific order, to help in the debug
    process:
    - ping[6] -W <timeout> <address>
    - ping[6] -W <timeout> -c <count> <address>
    - ping[6] -W <timeout> -c <count> -i <interval> <address>
    
    Those commands could be called from inside a namespace. The needed
    filter is also added in this patch.
    
    Change-Id: Ie5cbc0dcc76672b26cd2605f08cfd17a30b4c905
    Closes-Bug: #1863006


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1863006

Title:
  "ping" command should be correctly supported in rootwrap filters

Status in neutron:
  Fix Released

Bug description:
  Some "ping" commands have failed because the rootwrap filter does not
  match. Example [1]:

  RuntimeError: Process ['ping', '192.178.0.2', '-W', '1', '-c', '3']
  hasn't been spawned in 20 seconds. Return code: 99, stdout: , sdterr:
  /home/zuul/src/opendev.org/openstack/neutron/.tox/dsvm-functional/bin
  /neutron-rootwrap: Unauthorized command: ip netns exec test-ed1ca152
  -40df-457f-95ea-bd1edd68baa9 ping 192.178.0.2 -W 1 -c 3 (no filter
  matched)

  "ping" commands should always have the same parameters and in the same
  order.

  [1] https://f686e70b9699eba6880c-
  12f0768fe735ff9b43e4aa64f3cfd6c9.ssl.cf2.rackcdn.com/701733/33/check
  /neutron-functional/36f4f9c/testr_results.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1863006/+subscriptions

References

  Thread PreviousDate PreviousThread Next