f1b43395e7
Sysctl was missing from the linuxbridge plugin rootwrap configuration file. This was causing failures in the linuxbridge agent when networks are created: Rootwrap error running command: ['sysctl', '-w', 'net.ipv6.conf.eth0/557.disable_ipv6=1']: NOTE: this bug was hidden by the fact that sysctl was covered by the iptables-firewall.filters until recently, when it was removed (see https://review.openstack.org/#/c/436315/). Change-Id: Id20175df30d4d6039fb42e722d03f39521f6a499 Closes-Bug: #1715194
30 lines
1.2 KiB
XML
30 lines
1.2 KiB
XML
# neutron-rootwrap command filters for nodes on which neutron is
|
|
# expected to control network
|
|
#
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
# format seems to be
|
|
# cmd-name: filter-name, raw-command, user, args
|
|
|
|
[Filters]
|
|
|
|
# linuxbridge-agent
|
|
# unclear whether both variants are necessary, but I'm transliterating
|
|
# from the old mechanism
|
|
brctl: CommandFilter, brctl, root
|
|
bridge: CommandFilter, bridge, root
|
|
sysctl: CommandFilter, sysctl, root
|
|
|
|
# ip_lib
|
|
ip: IpFilter, ip, root
|
|
find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
|
|
ip_exec: IpNetnsExecFilter, ip, root
|
|
|
|
# tc commands needed for QoS support
|
|
tc_replace_tbf: RegExpFilter, tc, root, tc, qdisc, replace, dev, .+, root, tbf, rate, .+, latency, .+, burst, .+
|
|
tc_add_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress, handle, .+
|
|
tc_delete: RegExpFilter, tc, root, tc, qdisc, del, dev, .+, .+
|
|
tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
|
|
tc_show_filters: RegExpFilter, tc, root, tc, filter, show, dev, .+, parent, .+
|
|
tc_add_filter: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, all, prio, .+, basic, police, rate, .+, burst, .+, mtu, .+, drop
|