From 270c9e21db8d19db5cbf19fa70fe66d686c9c141 Mon Sep 17 00:00:00 2001 From: YAMAMOTO Takashi Date: Mon, 10 Nov 2014 14:23:30 +0900 Subject: [PATCH] Add rootwrap filters for ofagent neutron-ofagent-agent currently relies on the fact the rootwrap filters for neutron-openvswitch-agent covers what it needs. as they are independent agents and their requirements are getting more different, introduce a dedicated rootwrap filters for ofagent. Closes-Bug: #1392560 Change-Id: Iba205260a238431432caf8d9697268ceeef85eca --- etc/neutron/rootwrap.d/ofagent.filters | 16 ++++++++++++++++ setup.cfg | 1 + 2 files changed, 17 insertions(+) create mode 100644 etc/neutron/rootwrap.d/ofagent.filters diff --git a/etc/neutron/rootwrap.d/ofagent.filters b/etc/neutron/rootwrap.d/ofagent.filters new file mode 100644 index 000000000..11e425648 --- /dev/null +++ b/etc/neutron/rootwrap.d/ofagent.filters @@ -0,0 +1,16 @@ +# neutron-rootwrap command filters for nodes on which +# neutron-ofagent-agent is expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# ovs_lib +ovs-vsctl: CommandFilter, ovs-vsctl, root + +# ip_lib +ip: IpFilter, ip, root +ip_exec: IpNetnsExecFilter, ip, root diff --git a/setup.cfg b/setup.cfg index a021a4ee0..321aeb5cf 100644 --- a/setup.cfg +++ b/setup.cfg @@ -43,6 +43,7 @@ data_files = etc/neutron/rootwrap.d/lbaas-haproxy.filters etc/neutron/rootwrap.d/linuxbridge-plugin.filters etc/neutron/rootwrap.d/nec-plugin.filters + etc/neutron/rootwrap.d/ofagent.filters etc/neutron/rootwrap.d/openvswitch-plugin.filters etc/neutron/rootwrap.d/ryu-plugin.filters etc/neutron/rootwrap.d/vpnaas.filters -- 2.45.2