Merge "Implement conntrack command privsep context"

Zuul 2021-04-16 04:37:20 +00:00 committed by Gerrit Code Review
commit 08ff64034e
2 changed files with 10 additions and 2 deletions


@ -54,3 +54,11 @@ namespace_cmd = priv_context.PrivContext(
pypath=__name__ + '.namespace_cmd',
capabilities=[caps.CAP_SYS_ADMIN]
)
conntrack_cmd = priv_context.PrivContext(
__name__,
cfg_section='privsep_conntrack',
pypath=__name__ + '.conntrack_cmd',
capabilities=[caps.CAP_NET_ADMIN]
)
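Review bot: The new `conntrack_cmd` context has no comment saying what it is for or why `CAP_NET_ADMIN` alone is sufficient, and it introduces a `privsep_conntrack` config section that operators will not discover from this file. I would add a comment above the assignment such as `# Context for the conntrack list/delete entrypoints; holds only CAP_NET_ADMIN, so do not bind code that reads files or switches namespaces.` Because oslo.privsep reads its per-context options from `cfg_section`, a deployment that customises the helper command, user or group for the existing contexts presumably needs the same under `[privsep_conntrack]`, which deserves a release note. The `namespace_cmd` definition above begins outside this hunk.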


@ -263,7 +263,7 @@ def _parse_entry(entry, ipversion, zone):
return tuple(parsed_entry)
@privileged.default.entrypoint
@privileged.conntrack_cmd.entrypoint
def list_entries(zone):
"""List and parse all conntrack entries in zone
@ -289,7 +289,7 @@ def list_entries(zone):
return sorted(parsed_entries, key=lambda x: x[3])
@privileged.default.entrypoint
@privileged.conntrack_cmd.entrypoint
def delete_entries(entries):
"""Delete selected entries
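Review bot: `list_entries` and `delete_entries` now run in a daemon holding only `CAP_NET_ADMIN`, but neither docstring records that constraint, and both bodies lie outside the hunks, so it cannot be confirmed from here that every call they make works without the other capabilities of the `default` context. I would add a line to each docstring such as `Runs in the conntrack_cmd privsep context (CAP_NET_ADMIN only).` so later edits do not add operations that need more. These entrypoints are the boundary the unprivileged agent crosses, so it is also worth confirming that `zone` and `entries` are validated inside the functions rather than by callers; a functional test exercising both under the new context would catch a capability regression.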