openstack/nova
Code Issues Proposed changes

Add missing rootwrap filter for cryptsetup

Browse Source 
This change restores the rootwrap filter for cryptsetup that was
recently removed by I37ffc90c0bd57029fced251b5cfd7cd4318a0292 from
compute.filters, as it is still needed by dmcrypt.  Without the rootwrap
filter, `cryptsetup` is not authorized to run with root permissions.

Change-Id: I5fe3e5d5e5a9694d0dbe5b59248e5eaf89858c62
Closes-Bug: #1688166
This commit is contained in:
Jackie Truong
2017-05-03 23:11:32 -04:00
committed by jichenjc
parent c2c6960e37
commit a963aecb4c
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
etc/nova/rootwrap.d/compute.filters
View File

@@ -225,6 +225,9 @@ privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-f
# nova/storage/linuxscsi.py: sg_scan device
sg_scan: CommandFilter, sg_scan, root
# nova/virt/libvirt/storage/dmcrypt.py:
cryptsetup: CommandFilter, cryptsetup, root
# nova/virt/xenapi/vm_utils.py:
xenstore-read: CommandFilter, xenstore-read, root