Merge "Remove rootwrap rule for dnsmasq systemctl"

releasenotes/notes/rootwrap-removal-68af457a0104a2ba.yaml

@@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    The rootwrap rule to allow restarting the systemd service
+    openstack-ironic-inspector-dnsmasq.service has been removed. No known
+    tooling requires this rule since before Train. Any configuration tool which
+    is setting [dnsmasq_pxe_filter]dnsmasq_start_command also needs to be
+    writing an appropriate rootwrap.d file, as the inspector devstack plugin
+    does.

rootwrap.d/ironic-inspector.filters

@@ -5,7 +5,3 @@
 # ironic_inspector/pxe_filter/iptables.py
 iptables: CommandFilter, iptables, root
 ip6tables: CommandFilter, ip6tables, root
-
-# ironic-inspector-rootwrap command filters for systemctl manipulation of the dnsmasq service
-# ironic_inspector/pxe_filter/dnsmasq.py
-systemctl: RegExpFilter, /bin/systemctl, root, systemctl, .*, openstack-ironic-inspector-dnsmasq.service