1 # neutron-rootwrap command filters for nodes on which neutron is
2 # expected to control network
4 # This file should be owned by (and only-writeable by) the root user
7 # cmd-name: filter-name, raw-command, user, args
12 dnsmasq: CommandFilter, dnsmasq, root
13 # dhcp-agent uses kill as well, that's handled by the generic KillFilter
14 # it looks like these are the only signals needed, per
15 # neutron/agent/linux/dhcp.py
16 kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
17 kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
19 ovs-vsctl: CommandFilter, ovs-vsctl, root
20 ivs-ctl: CommandFilter, ivs-ctl, root
21 mm-ctl: CommandFilter, mm-ctl, root
22 dhcp_release: CommandFilter, dhcp_release, root
25 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
26 # RHEL invocation of the metadata proxy will report /usr/bin/python
27 kill_metadata: KillFilter, root, python, -9
28 kill_metadata7: KillFilter, root, python2.7, -9
31 ip: IpFilter, ip, root
32 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
33 ip_exec: IpNetnsExecFilter, ip, root