Merge "Add rootwrap filters for password injection with localfs"
This commit is contained in:
commit
0b3a62d1bb
@ -174,3 +174,9 @@ vgs: CommandFilter, /sbin/vgs, root
|
|||||||
|
|
||||||
# nova/virt/baremetal/volume_driver.py: 'tgtadm', '--lld', 'iscsi', ...
|
# nova/virt/baremetal/volume_driver.py: 'tgtadm', '--lld', 'iscsi', ...
|
||||||
tgtadm: CommandFilter, /usr/sbin/tgtadm, root
|
tgtadm: CommandFilter, /usr/sbin/tgtadm, root
|
||||||
|
|
||||||
|
# nova/utils.py:read_file_as_root: 'cat', file_path
|
||||||
|
# (called from nova/virt/disk/vfs/localfs.py:VFSLocalFS.read_file)
|
||||||
|
read_passwd: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/passwd
|
||||||
|
read_shadow: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/shadow
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user