35 lines
1.1 KiB
XML
35 lines
1.1 KiB
XML
# neutron-rootwrap command filters for nodes on which neutron is
|
|
# expected to control network
|
|
#
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
# format seems to be
|
|
# cmd-name: filter-name, raw-command, user, args
|
|
|
|
[Filters]
|
|
|
|
# dhcp-agent
|
|
dnsmasq: CommandFilter, dnsmasq, root
|
|
ethtool: CommandFilter, ethtool, root
|
|
# dhcp-agent uses kill as well, that's handled by the generic KillFilter
|
|
# it looks like these are the only signals needed, per
|
|
# neutron/agent/linux/dhcp.py
|
|
kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP, -15
|
|
kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP, -15
|
|
# dnsmasq kill script filter
|
|
kill_dnsmasq_script: CommandFilter, dnsmasq-kill, root
|
|
|
|
ovs-vsctl: CommandFilter, ovs-vsctl, root
|
|
mm-ctl: CommandFilter, mm-ctl, root
|
|
dhcp_release: CommandFilter, dhcp_release, root
|
|
dhcp_release6: CommandFilter, dhcp_release6, root
|
|
|
|
# haproxy
|
|
haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
|
|
kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP
|
|
|
|
# ip_lib
|
|
ip: IpFilter, ip, root
|
|
find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
|
|
ip_exec: IpNetnsExecFilter, ip, root
|