Privsep configuration for neutron-fwaas
This patch adds fwaas-privsep.filters to FWaaS repository to be easier to maintain. It also helps avoid making Neutron be inversely depended on FWaaS when perform privsep configuration as in https://review.openstack.org/#/c/392014/. Change-Id: I71308130fbcc861a167371339c89a47410b8d09a
This commit is contained in:
parent
d2938b2471
commit
27b0fff119
|
@ -55,6 +55,8 @@ function init_fwaas() {
|
|||
mkdir /etc/neutron/policy.d
|
||||
fi
|
||||
cp $DEST/neutron-fwaas/etc/neutron/policy.d/neutron-fwaas.json /etc/neutron/policy.d/neutron-fwaas.json
|
||||
# Using sudo to gain the root privilege to be able to copy file to rootwrap.d
|
||||
sudo cp $DEST/neutron-fwaas/etc/neutron/rootwrap.d/fwaas-privsep.filters /etc/neutron/rootwrap.d/fwaas-privsep.filters
|
||||
}
|
||||
|
||||
function shutdown_fwaas() {
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
# neutron-fwaas privsep filters
|
||||
|
||||
# This file should be owned by (and only-writeable by) the root user
|
||||
|
||||
[Filters]
|
||||
|
||||
privsep-rootwrap: PathFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, neutron_fwaas.privileged.default
|
Loading…
Reference in New Issue