33 lines
870 B
XML
33 lines
870 B
XML
# neutron-rootwrap command filters for nodes on which neutron is
|
|
# expected to control network
|
|
#
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
# format seems to be
|
|
# cmd-name: filter-name, raw-command, user, args
|
|
|
|
[Filters]
|
|
|
|
# l3_agent
|
|
route: CommandFilter, route, root
|
|
radvd: CommandFilter, radvd, root
|
|
|
|
# haproxy
|
|
haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
|
|
|
|
# ip_lib
|
|
ip: IpFilter, ip, root
|
|
ip_exec: IpNetnsExecFilter, ip, root
|
|
|
|
# iptables_manager
|
|
iptables-save: CommandFilter, iptables-save, root
|
|
iptables-restore: CommandFilter, iptables-restore, root
|
|
ip6tables-save: CommandFilter, ip6tables-save, root
|
|
ip6tables-restore: CommandFilter, ip6tables-restore, root
|
|
|
|
# Keepalived
|
|
keepalived: CommandFilter, keepalived, root
|
|
|
|
# keepalived state change monitor
|
|
keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
|