openstack/neutron-fwaas
Code Issues Proposed changes

dhcp.filters needs ovs_vsctl permission

Browse Source 
The dhcp agent calls ovs_vsctl so it will fail if using rootwrap
and these aren't specified. The reason why this was working using
rootwrap before is because there are other filters in
etc/quantum/rootwrap.d that specifiy ovs_vsctl which
allows the agent to make those calls. Fixes bug 1090072

Change-Id: I509c191c97e7187361a09788e841ebb5a9f934c7
This commit is contained in:
Aaron Rosen 2012-12-13 10:53:07 -08:00
parent 84d6be4253
commit a8d9594907
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
etc/quantum/rootwrap.d/dhcp.filters
View File

@ -20,6 +20,10 @@ kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
# dhcp-agent uses cat
cat: RegExpFilter, /bin/cat, root, cat, /proc/\d+/cmdline
ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root
ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root
# ip_lib
ip: IpFilter, /sbin/ip, root