Commit 80bde00a by Bach Dániel

remove /sbin/ from commands

parent 8ed2bc6f
......@@ -33,7 +33,8 @@ Configure ISC-DHCP server::
Configure sudo::
$ sudo tee /etc/sudoers.d/firewall <<END
fw ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw /sbin/ip addr *, /sbin/ip netns exec fw /sbin/ip ro *, /sbin/ip netns exec fw /sbin/ip link *, /sbin/ip netns exec fw /usr/sbin/ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw /sbin/iptables-restore -c, /sbin/ip netns exec fw /sbin/ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
fw ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw ip addr *, /sbin/ip netns exec fw ip ro *, /sbin/ip netns exec fw ip link *, /sbin/ip netns exec fw ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw iptables-restore -c, /sbin/ip netns exec fw ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
$ sudo chmod 440 /etc/sudoers.d/firewall
......@@ -37,9 +37,9 @@ def reload_firewall(data4, data6, save_config=True):
if isinstance(data6, dict):
data6 = ('\n'.join(data6['filter']) + '\n')
ns_exec(NETNS, ('/sbin/ip6tables-restore', '-c'), data6)
ns_exec(NETNS, ('ip6tables-restore', '-c'), data6)
ns_exec(NETNS, ('/sbin/iptables-restore', '-c'), data4)
ns_exec(NETNS, ('iptables-restore', '-c'), data4)
if save_config:
with open(FIREWALL_CONF, 'w') as f:
......@@ -54,6 +54,10 @@ def reload_firewall_vlan(data, save_config=True):
for k, v in ADDRESSES.items():
data[k]['addresses'] += v
uplink = getenv('UPLINK', None)
if uplink:
data[uplink] = {'interfaces': uplink}
br = Switch('firewall')
......@@ -62,7 +66,7 @@ def reload_firewall_vlan(data, save_config=True):
json.dump(data, f)
ns_exec(NETNS, ('/sbin/ip', 'ro', 'add', 'default', 'via',
ns_exec(NETNS, ('ip', 'ro', 'add', 'default', 'via',
getenv('GATEWAY', '')))
......@@ -84,7 +88,7 @@ def ipset_save(data):
data_new = [x['ipv4'] for x in data]
data_old = []
lines = ns_exec(NETNS, ('/usr/sbin/ipset', 'save', 'blacklist'))
lines = ns_exec(NETNS, ('ipset', 'save', 'blacklist'))
for line in lines.splitlines():
x = r.match(line.rstrip())
if x:
......@@ -103,7 +107,7 @@ def ipset_restore(l_add, l_del):
ipset += ['add blacklist %s' % x for x in l_add]
ipset += ['del blacklist %s' % x for x in l_del]
ns_exec(NETNS, ('/usr/sbin/ipset', 'restore', '-exist'),
ns_exec(NETNS, ('ipset', 'restore', '-exist'),
'\n'.join(ipset) + '\n')
......@@ -139,7 +143,7 @@ def get_dhcp_clients():
def start_firewall():
ns_exec(NETNS, ('/usr/sbin/ipset', 'create', 'blacklist',
ns_exec(NETNS, ('ipset', 'create', 'blacklist',
'hash:ip', 'family', 'inet', 'hashsize',
'4096', 'maxelem', '65536'))
......@@ -54,7 +54,7 @@ class Interface(object):
def _run(self, *args):
args = ('/sbin/ip', 'addr', ) + args
args = ('ip', 'addr', ) + args
return ns_exec(NETNS, args)
def show(self):
......@@ -79,8 +79,8 @@ class Interface(object):
def up(self):
if self.is_veth:
ns_exec(NETNS, ('/sbin/ip', 'link', 'set', 'up',
sudo(('/sbin/ip', 'link', 'set', 'up', self.external_name))
ns_exec(NETNS, ('ip', 'link', 'set', 'up',
sudo(('ip', 'link', 'set', 'up', self.external_name))
def migrate(self):
old_addresses = [str(x) for x in]
......@@ -111,7 +111,7 @@ class Switch(object):
return sudo(args)
def _setns(self, dev):
args = ('/sbin/ip', 'link', 'set', dev, 'netns', NETNS)
args = ('ip', 'link', 'set', dev, 'netns', NETNS)
return sudo(args)
def list_ports(self):
......@@ -152,7 +152,7 @@ class Switch(object):
# move interface into namespace
if interface.is_veth:
sudo(('/sbin/ip', 'link', 'add', interface.external_name,
sudo(('ip', 'link', 'add', interface.external_name,
'type', 'veth', 'peer', 'name',
......@@ -162,7 +162,7 @@ class Switch(object):
self._run('del-port', self.brname, interface.external_name)
if interface.is_veth:
sudo(('/sbin/ip', 'link', 'del', interface.external_name))
sudo(('ip', 'link', 'del', interface.external_name))
except CalledProcessError:
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment