From: Gary Kotton <gkotton@redhat.com>
Date: Sat, 8 Sep 2012 17:02:29 +0000 (-0400)
Subject: Add IP commands to rootwrap fileter for OVS agent
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=7548d3c1fbabac6ede98c73fdd1867dfee124cbc;p=openstack-build%2Fneutron-build.git

Add IP commands to rootwrap fileter for OVS agent

Fixes bug 1045598

Change-Id: I97151030e5f3a71202b583dea6797ca16bd34f7c
---

diff --git a/etc/quantum/rootwrap.d/openvswitch-plugin.filters b/etc/quantum/rootwrap.d/openvswitch-plugin.filters
index bcb9527e2..c3164480c 100644
--- a/etc/quantum/rootwrap.d/openvswitch-plugin.filters
+++ b/etc/quantum/rootwrap.d/openvswitch-plugin.filters
@@ -21,3 +21,9 @@ ovs-ofctl_sbin: CommandFilter, /sbin/ovs-ofctl, root
 ovs-ofctl_sbin_usr: CommandFilter, /usr/sbin/ovs-ofctl, root
 xe: CommandFilter, /sbin/xe, root
 xe_usr: CommandFilter, /usr/sbin/xe, root
+
+# ip_lib
+ip: IpFilter, /sbin/ip, root
+ip_usr: IpFilter, /usr/sbin/ip, root
+ip_exec: IpNetnsExecFilter, /sbin/ip, root
+ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root