openstack/neutron
Code Issues Proposed changes
972cdef50c
neutron/neutron/tests/contrib/functional-testing.filters
Assaf Muller fd93e19f2a Change get_root_helper_child_pid to stop when it finds cmd 
get_root_helper_child_pid recursively finds the child of pid,
until it can no longer find a child. However, the intention is
not to find the deepest child, but to strip away root helpers.
For example 'sudo neutron-rootwrap x' is supposed to find the
pid of x. However, in cases 'x' spawned quick lived children of
its own (For example: ip / brctl / ovs invocations),
get_root_helper_child_pid returned those pids if called in
the wrong time.

Change-Id: I582aa5c931c8bfe57f49df6899445698270bb33e
Closes-Bug: #1558819
2016-04-04 12:15:33 -04:00

44 lines
1.9 KiB
XML
Raw Blame History

# neutron-rootwrap command filters to support functional testing. It
# is NOT intended to be used outside of a test environment.
#
# This file should be owned by (and only-writeable by) the root user
[Filters]
# enable ping from namespace
ping_filter: CommandFilter, ping, root
ping6_filter: CommandFilter, ping6, root
ping_kill: KillFilter, root, ping, -2
# enable curl from namespace
curl_filter: RegExpFilter, /usr/bin/curl, root, curl, --max-time, \d+, -D-, http://[0-9a-z:./-]+
nc_filter: CommandFilter, nc, root
# netcat has different binaries depending on linux distribution
nc_kill: KillFilter, root, nc, -9
ncbsd_kill: KillFilter, root, nc.openbsd, -9
ncat_kill: KillFilter, root, ncat, -9
ss_filter: CommandFilter, ss, root
# enable neutron-linuxbridge-cleanup from namespace
lb_cleanup_filter: RegExpFilter, neutron-linuxbridge-cleanup, root, neutron-linuxbridge-cleanup, --config-file, .*
# enable dhclient from namespace
dhclient_filter: CommandFilter, dhclient, root
dhclient_kill: KillFilter, root, dhclient, -9
# Actually, dhclient is used for test dhcp-agent and runs
# in dhcp-agent namespace. If in that namespace resolv.conf file not exist
# dhclient will override system /etc/resolv.conf
# Filters below are limit functions mkdir, rm and touch
# only to create and delete file resolv.conf in the that namespace
mkdir_filter: RegExpFilter, /bin/mkdir, root, mkdir, -p, /etc/netns/qdhcp-[0-9a-z./-]+
rm_filter: RegExpFilter, /bin/rm, root, rm, -r, /etc/netns/qdhcp-[0-9a-z./-]+
touch_filter: RegExpFilter, /bin/touch, root, touch, /etc/netns/qdhcp-[0-9a-z./-]+/resolv.conf
touch_filter2: RegExpFilter, /usr/bin/touch, root, touch, /etc/netns/qdhcp-[0-9a-z./-]+/resolv.conf
# needed by test_ovs_flows which runs ovs-appctl ofproto/trace
ovstrace_filter: RegExpFilter, ovs-appctl, root, ovs-appctl, ofproto/trace, .*, .*
# needed for TestGetRootHelperChildPid
bash_filter: RegExpFilter, /bin/bash, root, bash, -c, \(sleep 100\)
sleep_kill: KillFilter, root, sleep, -9
View Git Blame Copy Permalink