From: Dan Wendlandt <dan@nicira.com>
Date: Thu, 7 Mar 2013 01:40:52 +0000 (-0800)
Subject: add ns-metadata-proxy rootwrap filters to dhcp.filters
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=48e7848a2e4fb3c96d44bf7519bd7984851ac9bb;p=openstack-build%2Fneutron-build.git

add ns-metadata-proxy rootwrap filters to dhcp.filters

bug 1150628

now that dhcp-agent also uses ns-metadata-proxy, we need to make sure
those rootwrap filters are installed in scenarios where dhcp-agent is
installed by l3-agent is not.

Change-Id: I141b2291aceb93d650258ff1df1ef0122ce8da90
---

diff --git a/etc/quantum/rootwrap.d/dhcp.filters b/etc/quantum/rootwrap.d/dhcp.filters
index 9ad22e9de..89abb02ad 100644
--- a/etc/quantum/rootwrap.d/dhcp.filters
+++ b/etc/quantum/rootwrap.d/dhcp.filters
@@ -25,6 +25,14 @@ ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
 ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
 ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root
 
+# metadata proxy
+metadata_proxy: CommandFilter, /usr/bin/quantum-ns-metadata-proxy, root
+# If installed from source (say, by devstack), the prefix will be
+# /usr/local instead of /usr/bin.
+metadata_proxy_local: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
+kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
+kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
+
 # ip_lib
 ip: IpFilter, /sbin/ip, root
 ip_usr: IpFilter, /usr/sbin/ip, root