Update paste, policy and rootwrap configurations 2016-11-18

Change-Id: I4ea2471488ea795512c82108987a090cf40c99d8

files/rootwrap.d/bind9.filters

@@ -1,7 +1,7 @@
 # designate-rootwrap command filters for nodes on which designate is
 # expected to control network
 #
-# This file should be owned by (and only-writeable by) the root user
+# This file should be owned by (and only-writable by) the root user
 
 # format seems to be
 # cmd-name: filter-name, raw-command, user, args

files/rootwrap.d/djbdns.filters

@@ -0,0 +1,4 @@
+[Filters]
+tcpclient: CommandFilter, /usr/bin/tcpclient, root
+axfr-get: CommandFilter, /usr/bin/axfr-get, root
+tinydns-data: CommandFilter, /usr/bin/tinydns-data, root

files/rootwrap.d/knot2.filters

@@ -0,0 +1,3 @@
+# cmd-name: filter-name, raw-command, user, args
+[Filters]
+knotc: CommandFilter, /usr/sbin/knotc, root

templates/policy.json.j2

@@ -122,5 +122,8 @@
     "find_zone_exports": "rule:admin_or_owner",
     "get_zone_export": "rule:admin_or_owner",
     "update_zone_export": "rule:admin_or_owner",
-    "delete_zone_export": "rule:admin_or_owner"
+
+    "find_service_status": "rule:admin",
+    "find_service_statuses": "rule:admin",
+    "update_service_service_status": "rule:admin"
 }