Add IP commands to rootwrap fileter for OVS agent

Fixes bug 1045598

Change-Id: I97151030e5f3a71202b583dea6797ca16bd34f7c

diff --git a/etc/quantum/rootwrap.d/openvswitch-plugin.filters b/etc/quantum/rootwrap.d/openvswitch-plugin.filters
index bcb9527e2368113ebf2b3eeb1b064361286d0abc..c3164480c380c16123cb84f89d42305e72e96308 100644 (file)
--- a/etc/quantum/rootwrap.d/openvswitch-plugin.filters
+++ b/etc/quantum/rootwrap.d/openvswitch-plugin.filters
@@ -21,3 +21,9 @@ ovs-ofctl_sbin: CommandFilter, /sbin/ovs-ofctl, root
 ovs-ofctl_sbin_usr: CommandFilter, /usr/sbin/ovs-ofctl, root
 xe: CommandFilter, /sbin/xe, root
 xe_usr: CommandFilter, /usr/sbin/xe, root
+
+# ip_lib
+ip: IpFilter, /sbin/ip, root
+ip_usr: IpFilter, /usr/sbin/ip, root
+ip_exec: IpNetnsExecFilter, /sbin/ip, root
+ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root