Commit cb66225d authored by Michael Hanselmann's avatar Michael Hanselmann
Browse files

ensure-dirs: Set permissions on job files in queue



This was a regression from 2.4.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarRené Nussbaumer <rn@google.com>
parent 247ee81f
......@@ -1065,6 +1065,7 @@ JOB_QUEUE_DIRS = [QUEUE_DIR, JOB_QUEUE_ARCHIVE_DIR]
JOB_QUEUE_DIRS_MODE = SECURE_DIR_MODE
JOB_ID_TEMPLATE = r"\d+"
JOB_FILE_RE = re.compile(r"^job-(%s)$" % JOB_ID_TEMPLATE)
# unchanged job return
JOB_NOTCHANGED = "nochange"
......
......@@ -31,7 +31,6 @@ used by all other classes in this module.
import logging
import errno
import re
import time
import weakref
import threading
......@@ -1491,11 +1490,7 @@ def _RequireOpenQueue(fn):
class JobQueue(object):
"""Queue used to manage the jobs.
@cvar _RE_JOB_FILE: regex matching the valid job file names
"""
_RE_JOB_FILE = re.compile(r"^job-(%s)$" % constants.JOB_ID_TEMPLATE)
def __init__(self, context):
"""Constructor for JobQueue.
......@@ -1846,7 +1841,8 @@ class JobQueue(object):
return utils.PathJoin(constants.JOB_QUEUE_ARCHIVE_DIR,
cls._GetArchiveDirectory(job_id), "job-%s" % job_id)
def _GetJobIDsUnlocked(self, sort=True):
@staticmethod
def _GetJobIDsUnlocked(sort=True):
"""Return all known job IDs.
The method only looks at disk because it's a requirement that all
......@@ -1861,7 +1857,7 @@ class JobQueue(object):
"""
jlist = []
for filename in utils.ListVisibleFiles(constants.QUEUE_DIR):
m = self._RE_JOB_FILE.match(filename)
m = constants.JOB_FILE_RE.match(filename)
if m:
jlist.append(m.group(1))
if sort:
......
#
#
# Copyright (C) 2011 Google Inc.
#
# This program is free software; you can redistribute it and/or modify
......@@ -30,10 +33,18 @@ from ganeti import constants
from ganeti import errors
from ganeti import runtime
from ganeti import ssconf
from ganeti import utils
(DIR, FILE) = range(2)
ALL_TYPES = frozenset([DIR, FILE])
(DIR,
FILE,
QUEUE_DIR) = range(1, 4)
ALL_TYPES = frozenset([
DIR,
FILE,
QUEUE_DIR,
])
class EnsureError(errors.GenericError):
......@@ -122,6 +133,20 @@ def RecursiveEnsure(path, uid, gid, dir_perm, file_perm):
gid=gid)
def EnsureQueueDir(path, mode, uid, gid):
"""Sets the correct permissions on all job files in the queue.
@param path: Directory path
@param mode: Wanted file mode
@param uid: Wanted user ID
@param gid: Wanted group ID
"""
for filename in utils.ListVisibleFiles(path):
if constants.JOB_FILE_RE.match(filename):
EnsurePermission(utils.PathJoin(path, filename), mode, uid=uid, gid=gid)
def ProcessPath(path):
"""Processes a path component.
......@@ -132,10 +157,13 @@ def ProcessPath(path):
assert pathtype in ALL_TYPES
if pathtype == DIR:
if pathtype in (DIR, QUEUE_DIR):
# No additional parameters
assert len(path[5:]) == 0
EnsureDir(pathname, mode, uid, gid)
if pathtype == DIR:
EnsureDir(pathname, mode, uid, gid)
elif pathtype == QUEUE_DIR:
EnsureQueueDir(pathname, mode, uid, gid)
elif pathtype == FILE:
(must_exist, ) = path[5:]
EnsurePermission(pathname, mode, uid=uid, gid=gid, must_exist=must_exist)
......@@ -178,6 +206,8 @@ def GetPaths():
paths.extend([
(constants.QUEUE_DIR, DIR, 0700, getent.masterd_uid,
getent.masterd_gid),
(constants.QUEUE_DIR, QUEUE_DIR, 0600, getent.masterd_uid,
getent.masterd_gid),
(constants.JOB_QUEUE_LOCK_FILE, FILE, 0600,
getent.masterd_uid, getent.masterd_gid, False),
(constants.JOB_QUEUE_SERIAL_FILE, FILE, 0600,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment