Merge "Remove rootwrap rule for dnsmasq systemctl"

2022-01-14 23:50:21 +00:00 · 2022-01-14 23:50:21 +00:00 · 567b73138d
parent 55e47c630b a72289fbe7
commit 567b73138d
2 changed files with 9 additions and 4 deletions
--- a/releasenotes/notes/rootwrap-removal-68af457a0104a2ba.yaml
+++ b/releasenotes/notes/rootwrap-removal-68af457a0104a2ba.yaml
@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    The rootwrap rule to allow restarting the systemd service
+    openstack-ironic-inspector-dnsmasq.service has been removed. No known
+    tooling requires this rule since before Train. Any configuration tool which
+    is setting [dnsmasq_pxe_filter]dnsmasq_start_command also needs to be
+    writing an appropriate rootwrap.d file, as the inspector devstack plugin
+    does.
--- a/rootwrap.d/ironic-inspector.filters
+++ b/rootwrap.d/ironic-inspector.filters
@ -5,7 +5,3 @@
 # ironic_inspector/pxe_filter/iptables.py
 iptables: CommandFilter, iptables, root
 ip6tables: CommandFilter, ip6tables, root
-
-# ironic-inspector-rootwrap command filters for systemctl manipulation of the dnsmasq service
-# ironic_inspector/pxe_filter/dnsmasq.py
-systemctl: RegExpFilter, /bin/systemctl, root, systemctl, .*, openstack-ironic-inspector-dnsmasq.service