Browse Source

Add "ncat" rootwrap filter for debug

In [1], new tests to check "ncat" tool were added. The missing piece
of this patch was to add a new rootwrap filter to allow to execute
"ncat" binary as root and inside a namespace.

Closes-Bug: #1862927

[1]https://review.opendev.org/#/q/If8cf47a01dc353734ad07ca6cd4db7bec6c90fb6

Change-Id: I8e8e5cd8c4027cce58c7073002120d14f251463d
changes/68/707368/1
Rodolfo Alonso Hernandez 2 years ago
parent
commit
0ef4233d89
  1. 4
      etc/neutron/rootwrap.d/debug.filters

4
etc/neutron/rootwrap.d/debug.filters

@ -20,3 +20,7 @@ ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
# "sleep" command, only for testing
sleep: RegExpFilter, sleep, root, sleep, \d+
kill_sleep: KillFilter, root, sleep, -9
# "ncat" command, only for testing
ncat: RegExpFilter, ncat, root, ncat, [0-9A-Fa-f:]+, \d+, .*
ncat_exec: IpNetnsExecFilter, ncat, root
Loading…
Cancel
Save