Royce Lv has uploaded a new change for review.
Change subject: [WIP]start vdsm as subprocess in supervdsm server ......................................................................
[WIP]start vdsm as subprocess in supervdsm server
supervdsm will run as root, so starting vdsm needs to drop privileges. Export the start-vdsm function and run it as a subprocess when starting the supervdsm server. Sleep so that vdsm starts first and log ownership is right.
Change-Id: I540b1d3f3c823433f100f4803f31322fc7ee2153 Signed-off-by: Royce Lvlvroyce@linux.vnet.ibm.com --- M vdsm/supervdsmServer.py R vdsm/vdsmServer.py 2 files changed, 12 insertions(+), 31 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/91/11191/1
diff --git a/vdsm/supervdsmServer.py b/vdsm/supervdsmServer.py
index 83a5803..d64076b 100755
--- a/vdsm/supervdsmServer.py
+++ b/vdsm/supervdsmServer.py
@@ -423,4 +423,7 @@ sys.exit(1)
 if __name__ == '__main__':
+ vdsmProc = Process(target=startVdsm)
+ vdsmProc.start()
+ sleep(2)
 main()
diff --git a/vdsm/vdsm b/vdsm/vdsmServer.py
similarity index 77%
rename from vdsm/vdsm
rename to vdsm/vdsmServer.py
old mode 100755
new mode 100644
index 4746a0f..337a4ca
--- a/vdsm/vdsm
+++ b/vdsm/vdsmServer.py
@@ -10,11 +10,8 @@
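Review bot: The `sleep(2)` before `main()` orders the two daemons by timing only, so the log-ownership guarantee the description relies on does not hold on a slow or loaded host. A child that hit one of `startVdsm`'s `sys.exit(1)` paths also goes unnoticed while supervdsm keeps running as root. Prefer an explicit handshake, for example a `multiprocessing.Event` that the child sets once it has dropped privileges and opened its logs, and check `vdsmProc.is_alive()` before calling `main()`. The 12 insertions in the diffstat are all visible in the two hunks and none is an import, so unless `Process`, `sleep` and `startVdsm` are already in scope outside this hunk the block raises `NameError`.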
 import os
 import sys
-import getopt
 import signal
-import getpass
 import pwd
-import grp
 import threading
 import logging
 import syslog
@@ -99,19 +96,6 @@ log.info(str(t))
-def parse_args():
- opts, args = getopt.getopt(sys.argv[1:], "h", ["help"])
- for o, v in opts:
- o = o.lower()
- if o == "-h" or o == "--help":
- usage()
- sys.exit(0)
-
- if len(args) >= 1:
- usage()
- sys.exit(1)
-
-
 def __assertLogPermission():
 if not os.access(constants.P_VDSM_LOG, os.W_OK):
 syslog.syslog("vdsm log directory is not accessible")
@@ -127,21 +111,15 @@ sys.exit(1)
-def __assertVdsmUser():
- username = getpass.getuser()
- if username != constants.VDSM_USER:
- syslog.syslog("VDSM failed to start: running user is not %s, trying "
- "to run from user %s" % (constants.VDSM_USER, username))
- sys.exit(1)
- group = grp.getgrnam(constants.VDSM_GROUP)
- if (constants.VDSM_USER not in group.gr_mem) and \
- (pwd.getpwnam(constants.VDSM_USER).pw_gid != group.gr_gid):
- syslog.syslog("VDSM failed to start: vdsm user is not in KVM group")
- sys.exit(1)
+def startVdsm():
+ def dropPrivileges():
+ if os.getuid() != 0:
+ sys.exit(1)
+ vdsm_uid, vdsm_gid = pwd.getpwnam(constants.VDSM_USER)[2:4:]
-if __name__ == '__main__':
- __assertVdsmUser()
+ os.setgroups([])
+ os.setgid(vdsm_gid)
+ os.setuid(vdsm_uid)
+ dropPrivileges()
 __assertLogPermission()
- os.setpgrp()
- parse_args()
 run()
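Review bot: `os.setgroups([])` clears every supplementary group, yet the removed `__assertVdsmUser` accepted the vdsm user reaching `constants.VDSM_GROUP` through `gr_mem` as well as through its primary gid. On hosts where that group is supplementary, the de-privileged process now starts without it and nothing reports the problem at start-up. Consider `os.initgroups(constants.VDSM_USER, vdsm_gid)` in place of `os.setgroups([])` where the supported Python provides it (2.7 and later), and keep the group-membership check with its syslog message. The `os.getuid() != 0` branch also exits without logging, unlike the neighbouring checks; a `syslog.syslog(...)` line before `sys.exit(1)` would make that failure diagnosable. Indentation is lost on this page, so the placement of the `os.set*` calls inside `dropPrivileges` is inferred.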
-- To view, visit http://gerrit.ovirt.org/11191 To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange Gerrit-Change-Id: I540b1d3f3c823433f100f4803f31322fc7ee2153 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Royce Lv lvroyce@linux.vnet.ibm.com