The quantum.rootwrap.filters Module

class quantum.rootwrap.filters.CommandFilter(exec_path, run_as, *args)

Bases: object

Command filter only checking that the 1st argument matches exec_path

get_command(userargs)

Returns command to execute (with sudo -u if run_as != root).

get_environment(userargs)

Returns specific environment to set, None if none

match(userargs)

Only check that the first argument (command) matches exec_path

class quantum.rootwrap.filters.DnsmasqFilter(exec_path, run_as, *args)

Bases: quantum.rootwrap.filters.CommandFilter

Specific filter for the dnsmasq call (which includes env)

get_command(userargs)

get_environment(userargs)

is_dnsmasq_cmd(argv)

is_dnsmasq_env_vars(argv)

match(userargs)

This matches the combination of the leading env vars plus “dnsmasq”

class quantum.rootwrap.filters.DnsmasqNetnsFilter(exec_path, run_as, *args)

Bases: quantum.rootwrap.filters.DnsmasqFilter

Specific filter for the dnsmasq call (which includes env)

is_ip_netns_cmd(argv)

match(userargs)

This matches the combination of the leading env vars plus “ip” “netns” “exec” <foo> “dnsmasq”

class quantum.rootwrap.filters.ExecCommandFilter(exec_path, run_as, *args)

Bases: quantum.rootwrap.filters.CommandFilter

exec_args(userargs)

class quantum.rootwrap.filters.IpFilter(exec_path, run_as, *args)

Bases: quantum.rootwrap.filters.CommandFilter

Specific filter for the ip utility to that does not match exec.

match(userargs)

class quantum.rootwrap.filters.IpNetnsExecFilter(exec_path, run_as, *args)

Bases: quantum.rootwrap.filters.ExecCommandFilter

Specific filter for the ip utility to that does match exec.

exec_args(userargs)

match(userargs)

class quantum.rootwrap.filters.KillFilter(*args)

Bases: quantum.rootwrap.filters.CommandFilter

Specific filter for the kill calls. 1st argument is the user to run /bin/kill under 2nd argument is the location of the affected executable Subsequent arguments list the accepted signals (if any)

This filter relies on /proc to accurately determine affected executable, so it will only work on procfs-capable systems (not OSX).

match(userargs)

class quantum.rootwrap.filters.ReadFileFilter(file_path, *args)

Bases: quantum.rootwrap.filters.CommandFilter

Specific filter for the utils.read_file_as_root call

match(userargs)

class quantum.rootwrap.filters.RegExpFilter(exec_path, run_as, *args)

Bases: quantum.rootwrap.filters.CommandFilter

Command filter doing regexp matching for every argument

match(userargs)