90e91ca052
As discussed at the PTG, we're going to use one big context for ease of management. Change-Id: I951abd402736735730e0868f31b85b1817055b2f blueprint: hurrah-for-privsep
# Copyright 2016 Red Hat, Inc
# Copyright 2017 Rackspace Australia
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Setup privsep decorator."""
from oslo_privsep import capabilities
from oslo_privsep import priv_context
# The single privsep context for nova's privileged operations. Its options
# come from the 'nova_sys_admin' config section, and pypath is the dotted
# path to this module-level object (presumably how the privileged side finds
# the context again; confirm against oslo.privsep).
#
# NOTE(review): every function entered through this context runs with the
# whole capability set below, not just the capability it needs. Keep each
# such function narrow and have it validate its arguments before acting.
sys_admin_pctxt = priv_context.PrivContext(
    'nova',
    cfg_section='nova_sys_admin',
    pypath=__name__ + '.sys_admin_pctxt',
    capabilities=[
        # Change file owner and group.
        capabilities.CAP_CHOWN,
        # Bypass file read/write/execute permission checks.
        capabilities.CAP_DAC_OVERRIDE,
        # Bypass file read and directory read/search permission checks.
        capabilities.CAP_DAC_READ_SEARCH,
        # Bypass checks that require the caller to own the file.
        capabilities.CAP_FOWNER,
        # Network administration (interfaces, routing, firewalling).
        capabilities.CAP_NET_ADMIN,
        # Broad catch-all for system administration (mounts and more); the
        # widest capability in this set.
        capabilities.CAP_SYS_ADMIN],
)