Restrict rootwrap find filter for IBM NAS and GPFS

Additional make the name of the filter unique, so it does not override
any other rule. Like the find rule of the NetAppNFS driver.
Rootwrap is making use of plain python ConfigParser which handles INI files
with key=value pair like fashion. Where the key is unique.

Related-Bug: 1250101

Change-Id: I56a96084dc736e73e3e9533803f65956699891a0

diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters
index fe7a28946a2da80176114f20369360c196585bcf..e4259332fdf1ca0d3c2026af3e8f9f077c6d72aa 100644 (file)
--- a/etc/cinder/rootwrap.d/volume.filters
+++ b/etc/cinder/rootwrap.d/volume.filters
@@ -85,7 +85,7 @@ systool: CommandFilter, systool, root
 # cinder/volume/drivers/block_device.py
 blockdev: CommandFilter, blockdev, root
 
-# cinder/volume/drivers/gpfs.py
+# cinder/volume/drivers/ibm/gpfs.py
 mv: CommandFilter, mv, root
 mmgetstate: CommandFilter, /usr/lpp/mmfs/bin/mmgetstate, root
 mmclone: CommandFilter, /usr/lpp/mmfs/bin/mmclone, root
@@ -94,9 +94,12 @@ mmchattr: CommandFilter, /usr/lpp/mmfs/bin/mmchattr, root
 mmlsconfig: CommandFilter, /usr/lpp/mmfs/bin/mmlsconfig, root
 mmlsfs: CommandFilter, /usr/lpp/mmfs/bin/mmlsfs, root
 mmlspool: CommandFilter, /usr/lpp/mmfs/bin/mmlspool, root
-find: CommandFilter, find, root
 mkfs: CommandFilter, mkfs, root
 
+# cinder/volume/drivers/ibm/gpfs.py
+# cinder/volume/drivers/ibm/ibmnas.py
+find_maxdepth_inum: RegExpFilter, find, root, find, ^[/]*([^/\0]+(/+)?)*$, -maxdepth, \d+, -inum, \d+
+
 # cinder/brick/initiator/connector.py:
 aoe-revalidate: CommandFilter, aoe-revalidate, root
 aoe-discover: CommandFilter, aoe-discover, root