fd93e19f2a
get_root_helper_child_pid recursively finds the child of pid, until it can no longer find a child. However, the intention is not to find the deepest child, but to strip away root helpers. For example 'sudo neutron-rootwrap x' is supposed to find the pid of x. However, in cases 'x' spawned quick lived children of its own (For example: ip / brctl / ovs invocations), get_root_helper_child_pid returned those pids if called in the wrong time. Change-Id: I582aa5c931c8bfe57f49df6899445698270bb33e Closes-Bug: #1558819
44 lines
1.9 KiB
XML
44 lines
1.9 KiB
XML
# neutron-rootwrap command filters to support functional testing. It
|
|
# is NOT intended to be used outside of a test environment.
|
|
#
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
[Filters]
|
|
# enable ping from namespace
|
|
ping_filter: CommandFilter, ping, root
|
|
ping6_filter: CommandFilter, ping6, root
|
|
ping_kill: KillFilter, root, ping, -2
|
|
|
|
# enable curl from namespace
|
|
curl_filter: RegExpFilter, /usr/bin/curl, root, curl, --max-time, \d+, -D-, http://[0-9a-z:./-]+
|
|
nc_filter: CommandFilter, nc, root
|
|
# netcat has different binaries depending on linux distribution
|
|
nc_kill: KillFilter, root, nc, -9
|
|
ncbsd_kill: KillFilter, root, nc.openbsd, -9
|
|
ncat_kill: KillFilter, root, ncat, -9
|
|
ss_filter: CommandFilter, ss, root
|
|
|
|
# enable neutron-linuxbridge-cleanup from namespace
|
|
lb_cleanup_filter: RegExpFilter, neutron-linuxbridge-cleanup, root, neutron-linuxbridge-cleanup, --config-file, .*
|
|
|
|
# enable dhclient from namespace
|
|
dhclient_filter: CommandFilter, dhclient, root
|
|
dhclient_kill: KillFilter, root, dhclient, -9
|
|
|
|
# Actually, dhclient is used for test dhcp-agent and runs
|
|
# in dhcp-agent namespace. If in that namespace resolv.conf file not exist
|
|
# dhclient will override system /etc/resolv.conf
|
|
# Filters below are limit functions mkdir, rm and touch
|
|
# only to create and delete file resolv.conf in the that namespace
|
|
mkdir_filter: RegExpFilter, /bin/mkdir, root, mkdir, -p, /etc/netns/qdhcp-[0-9a-z./-]+
|
|
rm_filter: RegExpFilter, /bin/rm, root, rm, -r, /etc/netns/qdhcp-[0-9a-z./-]+
|
|
touch_filter: RegExpFilter, /bin/touch, root, touch, /etc/netns/qdhcp-[0-9a-z./-]+/resolv.conf
|
|
touch_filter2: RegExpFilter, /usr/bin/touch, root, touch, /etc/netns/qdhcp-[0-9a-z./-]+/resolv.conf
|
|
|
|
# needed by test_ovs_flows which runs ovs-appctl ofproto/trace
|
|
ovstrace_filter: RegExpFilter, ovs-appctl, root, ovs-appctl, ofproto/trace, .*, .*
|
|
|
|
# needed for TestGetRootHelperChildPid
|
|
bash_filter: RegExpFilter, /bin/bash, root, bash, -c, \(sleep 100\)
|
|
sleep_kill: KillFilter, root, sleep, -9
|