From a37b9276de85742276c0d8f6fa5264daa549702c Mon Sep 17 00:00:00 2001
From: Nachi Ueno <nachi@nttmcl.com>
Date: Tue, 20 Nov 2012 14:54:53 -0800
Subject: [PATCH] Add filters for quantum-debug

only allows ping command here.
Fixes bug 1071110

Change-Id: I38f24e40de048845f01dbc07c79bb02acf92da31
---
 etc/quantum/rootwrap.d/debug.filters | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 etc/quantum/rootwrap.d/debug.filters

diff --git a/etc/quantum/rootwrap.d/debug.filters b/etc/quantum/rootwrap.d/debug.filters
new file mode 100644
index 000000000..6dbb4d7d3
--- /dev/null
+++ b/etc/quantum/rootwrap.d/debug.filters
@@ -0,0 +1,14 @@
+# quantum-rootwrap command filters for nodes on which quantum is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# This is needed because we should ping
+# from inside a namespace which requires root
+ping: RegExpFilter, /bin/ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
+ping6: RegExpFilter, /bin/ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
-- 
2.45.2