From 7548d3c1fbabac6ede98c73fdd1867dfee124cbc Mon Sep 17 00:00:00 2001
From: Gary Kotton <gkotton@redhat.com>
Date: Sat, 8 Sep 2012 13:02:29 -0400
Subject: [PATCH] Add IP commands to rootwrap fileter for OVS agent

Fixes bug 1045598

Change-Id: I97151030e5f3a71202b583dea6797ca16bd34f7c
---
 etc/quantum/rootwrap.d/openvswitch-plugin.filters | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/etc/quantum/rootwrap.d/openvswitch-plugin.filters b/etc/quantum/rootwrap.d/openvswitch-plugin.filters
index bcb9527e2..c3164480c 100644
--- a/etc/quantum/rootwrap.d/openvswitch-plugin.filters
+++ b/etc/quantum/rootwrap.d/openvswitch-plugin.filters
@@ -21,3 +21,9 @@ ovs-ofctl_sbin: CommandFilter, /sbin/ovs-ofctl, root
 ovs-ofctl_sbin_usr: CommandFilter, /usr/sbin/ovs-ofctl, root
 xe: CommandFilter, /sbin/xe, root
 xe_usr: CommandFilter, /usr/sbin/xe, root
+
+# ip_lib
+ip: IpFilter, /sbin/ip, root
+ip_usr: IpFilter, /usr/sbin/ip, root
+ip_exec: IpNetnsExecFilter, /sbin/ip, root
+ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root
-- 
2.45.2