From 0ef4233d891f8fa42a073901051bf0310f61eebb Mon Sep 17 00:00:00 2001
From: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Date: Wed, 12 Feb 2020 11:43:27 +0000
Subject: [PATCH] Add "ncat" rootwrap filter for debug

In [1], new tests to check "ncat" tool were added. The missing piece
of this patch was to add a new rootwrap filter to allow to execute
"ncat" binary as root and inside a namespace.

Closes-Bug: #1862927

[1]https://review.opendev.org/#/q/If8cf47a01dc353734ad07ca6cd4db7bec6c90fb6

Change-Id: I8e8e5cd8c4027cce58c7073002120d14f251463d
---
 etc/neutron/rootwrap.d/debug.filters | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/etc/neutron/rootwrap.d/debug.filters b/etc/neutron/rootwrap.d/debug.filters
index 8d7a2dc69e4..86e30416045 100644
--- a/etc/neutron/rootwrap.d/debug.filters
+++ b/etc/neutron/rootwrap.d/debug.filters
@@ -20,3 +20,7 @@ ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
 # "sleep" command, only for testing
 sleep: RegExpFilter, sleep, root, sleep, \d+
 kill_sleep: KillFilter, root, sleep, -9
+
+# "ncat" command, only for testing
+ncat: RegExpFilter, ncat, root, ncat, [0-9A-Fa-f:]+, \d+, .*
+ncat_exec: IpNetnsExecFilter, ncat, root