12e264d58f
Adds support for a configurable set of trusted directories to search executables in (exec_dirs), which defaults to system PATH. If your filter specifies an exec_path that doesn't start with '/', then it will be searched in exec_dirs. Avoids having to write multiple filters to care for distro differences. Fixes bug 1079723. Also returns a specific error rather than try to run absent executables. Change-Id: Idab03bb0be6832a75ffeed4e78d25d0543f5caf9
14 lines
589 B
XML
14 lines
589 B
XML
# nova-rootwrap command filters for api-metadata nodes
|
|
# This is needed on nova-api hosts running with "metadata" in enabled_apis
|
|
# or when running nova-api-metadata
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
[Filters]
|
|
# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
|
|
iptables-save: CommandFilter, iptables-save, root
|
|
ip6tables-save: CommandFilter, ip6tables-save, root
|
|
|
|
# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
|
|
iptables-restore: CommandFilter, iptables-restore, root
|
|
ip6tables-restore: CommandFilter, ip6tables-restore, root
|