openstack/nova
Code Issues Proposed changes

Squash dacnet_admin privsep context.

Browse Source 
As discussed at the PTG, we're going to use one big context for
ease of management.

Change-Id: I951abd402736735730e0868f31b85b1817055b2f
blueprint: hurrah-for-privsep
This commit is contained in:
Michael Still
2017-09-18 23:16:52 +10:00
parent e00d8eb759
commit 90e91ca052
4 changed files with 3 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
etc/nova/rootwrap.d/compute.filters
View File

@@ -198,8 +198,6 @@ scsi_id: CommandFilter, /lib/udev/scsi_id, root
# and (implicitly) the actual python code invoked.
privsep-rootwrap-os_brick: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*
privsep-rootwrap-dacnet_admin: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, nova.privsep.dacnet_admin_pctxt, --privsep_sock_path, /tmp/.*
privsep-rootwrap-sys_admin: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, nova.privsep.sys_admin_pctxt, --privsep_sock_path, /tmp/.*
# nova/virt/libvirt/storage/dmcrypt.py: