f6457c31bf
Also update the rootwrap filter config file copy task to handle looking up rootwrap filter files using 'with_fileglob' to avoid having to maintain the task with each addition or removal of these files. Change-Id: I57ea565bfdcd1d5c02e5fa1fec499e420e67a083
20 lines
759 B
XML
20 lines
759 B
XML
# neutron-rootwrap command filters for nodes on which neutron is
|
|
# expected to control network
|
|
#
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
# format seems to be
|
|
# cmd-name: filter-name, raw-command, user, args
|
|
|
|
[Filters]
|
|
|
|
cp: RegExpFilter, cp, root, cp, -a, .*, .*/strongswan.d
|
|
ip: IpFilter, ip, root
|
|
ip_exec: IpNetnsExecFilter, ip, root
|
|
ipsec: CommandFilter, ipsec, root
|
|
rm: RegExpFilter, rm, root, rm, -rf, (.*/strongswan.d|.*/ipsec/[0-9a-z-]+)
|
|
strongswan: CommandFilter, strongswan, root
|
|
neutron_netns_wrapper: CommandFilter, neutron-vpn-netns-wrapper, root
|
|
neutron_netns_wrapper_local: CommandFilter, /usr/local/bin/neutron-vpn-netns-wrapper, root
|
|
chown: RegExpFilter, chown, root, chown, --from=.*, root.root, .*/ipsec.secrets
|