]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commitdiff
Code Review / openstack-build / neutron-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 84d6be4)
dhcp.filters needs ovs_vsctl permission
authorAaron Rosen <arosen@nicira.com>
Thu, 13 Dec 2012 18:53:07 +0000 (10:53 -0800)
committerAaron Rosen <arosen@nicira.com>
Thu, 13 Dec 2012 18:55:07 +0000 (10:55 -0800)
The dhcp agent calls ovs_vsctl so it will fail if using rootwrap
and these aren't specified. The reason why this was working using
rootwrap before is because there are other filters in
etc/quantum/rootwrap.d that specifiy ovs_vsctl which
allows the agent to make those calls. Fixes bug 1090072

Change-Id: I509c191c97e7187361a09788e841ebb5a9f934c7

etc/quantum/rootwrap.d/dhcp.filters patch | blob | history

diff --git a/etc/quantum/rootwrap.d/dhcp.filters b/etc/quantum/rootwrap.d/dhcp.filters
index 66fce34bbca2a7884cb8b22b6589d0b8a84454c5..9ad22e9defcf8302b151a6b9fe6bb307f21f9cba 100644 (file)
--- a/etc/quantum/rootwrap.d/dhcp.filters
+++ b/etc/quantum/rootwrap.d/dhcp.filters
@@ -20,6 +20,10 @@ kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
 
 # dhcp-agent uses cat
 cat: RegExpFilter, /bin/cat, root, cat, /proc/\d+/cmdline
+ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root
+ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
+ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
+ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root
 
 # ip_lib
 ip: IpFilter, /sbin/ip, root