From f1b43395e787e8f6d91436bec42f79a6ea0858bd Mon Sep 17 00:00:00 2001
From: Stefan Nica <snica@suse.com>
Date: Tue, 5 Sep 2017 18:55:43 +0200
Subject: [PATCH] linuxbridge-agent: add missing sysctl rootwrap entry

Sysctl was missing from the linuxbridge plugin rootwrap
configuration file. This was causing failures in the
linuxbridge agent when networks are created:

Rootwrap error running command: ['sysctl', '-w', 'net.ipv6.conf.eth0/557.disable_ipv6=1']:

NOTE: this bug was hidden by the fact that sysctl was
covered by the iptables-firewall.filters until recently,
when it was removed (see https://review.openstack.org/#/c/436315/).

Change-Id: Id20175df30d4d6039fb42e722d03f39521f6a499
Closes-Bug: #1715194
---
 etc/neutron/rootwrap.d/linuxbridge-plugin.filters | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/neutron/rootwrap.d/linuxbridge-plugin.filters b/etc/neutron/rootwrap.d/linuxbridge-plugin.filters
index f0934357ba6..298b8077559 100644
--- a/etc/neutron/rootwrap.d/linuxbridge-plugin.filters
+++ b/etc/neutron/rootwrap.d/linuxbridge-plugin.filters
@@ -13,6 +13,7 @@
 # from the old mechanism
 brctl: CommandFilter, brctl, root
 bridge: CommandFilter, bridge, root
+sysctl: CommandFilter, sysctl, root
 
 # ip_lib
 ip: IpFilter, ip, root