From: Nachi Ueno <nachi@nttmcl.com>
Date: Tue, 20 Nov 2012 22:54:53 +0000 (-0800)
Subject: Add filters for quantum-debug
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=a37b9276de85742276c0d8f6fa5264daa549702c;p=openstack-build%2Fneutron-build.git

Add filters for quantum-debug

only allows ping command here.
Fixes bug 1071110

Change-Id: I38f24e40de048845f01dbc07c79bb02acf92da31
---

diff --git a/etc/quantum/rootwrap.d/debug.filters b/etc/quantum/rootwrap.d/debug.filters
new file mode 100644
index 000000000..6dbb4d7d3
--- /dev/null
+++ b/etc/quantum/rootwrap.d/debug.filters
@@ -0,0 +1,14 @@
+# quantum-rootwrap command filters for nodes on which quantum is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# This is needed because we should ping
+# from inside a namespace which requires root
+ping: RegExpFilter, /bin/ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
+ping6: RegExpFilter, /bin/ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+