Royce Lv has uploaded a new change for review.
Change subject: [WIP]start vdsm as subprocess in supervdsm server
......................................................................
[WIP]start vdsm as subprocess in supervdsm server
supervdsm will run as root, so vdsm needs to drop privileges when it starts.
Export a function that starts vdsm,
and run it as a subprocess when the supervdsm server starts.
Sleep so that vdsm starts first and log ownership is right.
Change-Id: I540b1d3f3c823433f100f4803f31322fc7ee2153
Signed-off-by: Royce Lv<lvroyce(a)linux.vnet.ibm.com>
---
M vdsm/supervdsmServer.py
R vdsm/vdsmServer.py
2 files changed, 12 insertions(+), 31 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/91/11191/1
diff --git a/vdsm/supervdsmServer.py b/vdsm/supervdsmServer.py
index 83a5803..d64076b 100755
--- a/vdsm/supervdsmServer.py
+++ b/vdsm/supervdsmServer.py
@@ -423,4 +423,7 @@
sys.exit(1)
if __name__ == '__main__':
+ vdsmProc = Process(target=startVdsm)
+ vdsmProc.start()
+ sleep(2)
main()
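Review bot: The `sleep(2)` before `main()` is the only thing ordering vdsm's start ahead of supervdsm's, so the log ownership the commit message relies on depends on timing; on a slow or loaded host the child may not have set up its log within two seconds. An explicit readiness signal from the child (for example a `multiprocessing.Event` handed to `startVdsm` and waited on with a timeout) would make the ordering deterministic. The parent also never looks at `vdsmProc` again, so a child that exits with status 1 from its privilege check goes unnoticed; a check such as `if not vdsmProc.is_alive(): sys.exit(1)` after the wait would surface that. The diffstat's 12 insertions are all accounted for by the visible hunks, so no import of `startVdsm` is added to this file; unless it is already in scope, this block fails with a NameError.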
diff --git a/vdsm/vdsm b/vdsm/vdsmServer.py
similarity index 77%
rename from vdsm/vdsm
rename to vdsm/vdsmServer.py
old mode 100755
new mode 100644
index 4746a0f..337a4ca
--- a/vdsm/vdsm
+++ b/vdsm/vdsmServer.py
@@ -10,11 +10,8 @@
import os
import sys
-import getopt
import signal
-import getpass
import pwd
-import grp
import threading
import logging
import syslog
@@ -99,19 +96,6 @@
log.info(str(t))
-def parse_args():
- opts, args = getopt.getopt(sys.argv[1:], "h", ["help"])
- for o, v in opts:
- o = o.lower()
- if o == "-h" or o == "--help":
- usage()
- sys.exit(0)
-
- if len(args) >= 1:
- usage()
- sys.exit(1)
-
-
def __assertLogPermission():
if not os.access(constants.P_VDSM_LOG, os.W_OK):
syslog.syslog("vdsm log directory is not accessible")
@@ -127,21 +111,15 @@
sys.exit(1)
-def __assertVdsmUser():
- username = getpass.getuser()
- if username != constants.VDSM_USER:
- syslog.syslog("VDSM failed to start: running user is not %s, trying "
- "to run from user %s" % (constants.VDSM_USER, username))
- sys.exit(1)
- group = grp.getgrnam(constants.VDSM_GROUP)
- if (constants.VDSM_USER not in group.gr_mem) and \
- (pwd.getpwnam(constants.VDSM_USER).pw_gid != group.gr_gid):
- syslog.syslog("VDSM failed to start: vdsm user is not in KVM group")
- sys.exit(1)
+def startVdsm():
+ def dropPrivileges():
+ if os.getuid() != 0:
+ sys.exit(1)
+ vdsm_uid, vdsm_gid = pwd.getpwnam(constants.VDSM_USER)[2:4:]
-if __name__ == '__main__':
- __assertVdsmUser()
+ os.setgroups([])
+ os.setgid(vdsm_gid)
+ os.setuid(vdsm_uid)
+ dropPrivileges()
__assertLogPermission()
- os.setpgrp()
- parse_args()
run()
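Review bot: `os.setgroups([])` leaves the child with only the primary gid from the passwd entry, whereas the removed `__assertVdsmUser` accepted a vdsm user whose membership in `constants.VDSM_GROUP` is supplementary; on such a host the daemon would now start without that group. Using `os.initgroups(constants.VDSM_USER, vdsm_gid)` instead (available from Python 2.7) still discards root's groups but keeps the ones configured for the account. The non-root branch calls `sys.exit(1)` with no message, unlike the neighbouring start-up checks that write to syslog first; a line such as `syslog.syslog("VDSM failed to start: privilege drop requires root")` before the exit would keep the failure diagnosable. It is also worth verifying the drop after `os.setuid`, e.g. `if os.getuid() == 0 or os.geteuid() == 0: sys.exit(1)`, and confirming that removing `os.setpgrp()`, which leaves the child in supervdsm's process group, is intended.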
--
To view, visit
http://gerrit.ovirt.org/11191
Gerrit-MessageType: newchange
Gerrit-Change-Id: I540b1d3f3c823433f100f4803f31322fc7ee2153
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Royce Lv <lvroyce(a)linux.vnet.ibm.com>