cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject git commit: refs/heads/master - Summary: Prevent deletion of wrong iptables rules
Date Thu, 14 Mar 2013 01:00:12 GMT
Updated Branches:
  refs/heads/master 381f737e6 -> 1079d63b6


Summary: Prevent deletion of wrong iptables rules

Detail: A grep in security_group.py wasn't defined well enough, could
potentially delete rules for VMs other than intended

BUG-ID: CLOUDSTACK-309
Bugfix-for: master
Reviewed-by:
Reported-by: Francois Scala
Signed-off-by: John Kinsella <jlk@stratosec.co> 1363222521 -0700


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/1079d63b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/1079d63b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/1079d63b

Branch: refs/heads/master
Commit: 1079d63b6f978b2124db26d7f84f7ae62ba9daa0
Parents: 381f737
Author: John Kinsella <jlk@stratosec.co>
Authored: Wed Mar 13 17:54:50 2013 -0700
Committer: John Kinsella <jlk@stratosec.co>
Committed: Wed Mar 13 17:55:21 2013 -0700

----------------------------------------------------------------------
 scripts/vm/network/security_group.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1079d63b/scripts/vm/network/security_group.py
----------------------------------------------------------------------
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 50a1641..1bcbc3e 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -344,7 +344,7 @@ def post_default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname,
dhcpS
 def delete_rules_for_vm_in_bridge_firewall_chain(vmName):
     vm_name = vmName
     if vm_name.startswith('i-') or vm_name.startswith('r-'):
-        vm_name =  '-'.join(vm_name.split('-')[:-1])
+	vm_name = '-'.join(vm_name.split('-')[:-1]) + "-def"
     
     vmchain = vm_name
     


Mime
View raw message