From e8022bef81d07552d7c5b430050f6901bea60942 Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vitty@altlinux.ru>
Date: Tue, 2 Mar 2010 13:28:29 +0000
Subject: [PATCH] Avoid absolute path for privileged commands

Using absolute path for a privileged command is a bad idea as this path may vary.
For example /usr/sbin/brctl in Debian and /sbin/brctl in ALTLinux. Using $PATH is
a better idea.

Signed-off-by: Vitaly Kuznetsov <vitty@altlinux.ru>
Reviewed-by: Iustin Pop <iustin@google.com>
Signed-off-by: Iustin Pop <iustin@google.com>
---
 lib/hypervisor/hv_kvm.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/hypervisor/hv_kvm.py b/lib/hypervisor/hv_kvm.py
index 28bcdc26e..fc67ba328 100644
--- a/lib/hypervisor/hv_kvm.py
+++ b/lib/hypervisor/hv_kvm.py
@@ -183,6 +183,7 @@ class KVMHypervisor(hv_base.BaseHypervisor):
     script = StringIO()
     script.write("#!/bin/sh\n")
     script.write("# this is autogenerated by Ganeti, please do not edit\n#\n")
+    script.write("PATH=$PATH:/sbin:/usr/sbin\n")
     script.write("export INSTANCE=%s\n" % instance.name)
     script.write("export MAC=%s\n" % nic.mac)
     if nic.ip:
@@ -198,21 +199,21 @@ class KVMHypervisor(hv_base.BaseHypervisor):
     script.write("  # Execute the user-specific vif file\n")
     script.write("  %s\n" % self._KVM_NETWORK_SCRIPT)
     script.write("else\n")
-    script.write("  /sbin/ifconfig $INTERFACE 0.0.0.0 up\n")
+    script.write("  ifconfig $INTERFACE 0.0.0.0 up\n")
     if nic.nicparams[constants.NIC_MODE] == constants.NIC_MODE_BRIDGED:
       script.write("  # Connect the interface to the bridge\n")
-      script.write("  /usr/sbin/brctl addif $BRIDGE $INTERFACE\n")
+      script.write("  brctl addif $BRIDGE $INTERFACE\n")
     elif nic.nicparams[constants.NIC_MODE] == constants.NIC_MODE_ROUTED:
       if not nic.ip:
         raise errors.HypervisorError("nic/%d is routed, but has no ip." % seq)
       script.write("  # Route traffic targeted at the IP to the interface\n")
       if nic.nicparams[constants.NIC_LINK]:
-        script.write("  while /sbin/ip rule del dev $INTERFACE; do :; done\n")
-        script.write("  /sbin/ip rule add dev $INTERFACE table $LINK\n")
-        script.write("  /sbin/ip route replace $IP table $LINK proto static"
+        script.write("  while ip rule del dev $INTERFACE; do :; done\n")
+        script.write("  ip rule add dev $INTERFACE table $LINK\n")
+        script.write("  ip route replace $IP table $LINK proto static"
                      " dev $INTERFACE\n")
       else:
-        script.write("  /sbin/ip route replace $IP proto static"
+        script.write("  ip route replace $IP proto static"
                      " dev $INTERFACE\n")
       interface_v4_conf = "/proc/sys/net/ipv4/conf/$INTERFACE"
       interface_v6_conf = "/proc/sys/net/ipv6/conf/$INTERFACE"
-- 
GitLab