From: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Date: Mon, 10 Nov 2014 05:23:30 +0000 (+0900)
Subject: Add rootwrap filters for ofagent
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=270c9e21db8d19db5cbf19fa70fe66d686c9c141;p=openstack-build%2Fneutron-build.git

Add rootwrap filters for ofagent

neutron-ofagent-agent currently relies on the fact the rootwrap
filters for neutron-openvswitch-agent covers what it needs.
as they are independent agents and their requirements are
getting more different, introduce a dedicated rootwrap filters
for ofagent.

Closes-Bug: #1392560
Change-Id: Iba205260a238431432caf8d9697268ceeef85eca
---

diff --git a/etc/neutron/rootwrap.d/ofagent.filters b/etc/neutron/rootwrap.d/ofagent.filters
new file mode 100644
index 000000000..11e425648
--- /dev/null
+++ b/etc/neutron/rootwrap.d/ofagent.filters
@@ -0,0 +1,16 @@
+# neutron-rootwrap command filters for nodes on which
+# neutron-ofagent-agent is expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# ovs_lib
+ovs-vsctl: CommandFilter, ovs-vsctl, root
+
+# ip_lib
+ip: IpFilter, ip, root
+ip_exec: IpNetnsExecFilter, ip, root
diff --git a/setup.cfg b/setup.cfg
index a021a4ee0..321aeb5cf 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -43,6 +43,7 @@ data_files =
         etc/neutron/rootwrap.d/lbaas-haproxy.filters
         etc/neutron/rootwrap.d/linuxbridge-plugin.filters
         etc/neutron/rootwrap.d/nec-plugin.filters
+        etc/neutron/rootwrap.d/ofagent.filters
         etc/neutron/rootwrap.d/openvswitch-plugin.filters
         etc/neutron/rootwrap.d/ryu-plugin.filters
         etc/neutron/rootwrap.d/vpnaas.filters