14 lines
637 B
XML
14 lines
637 B
XML
# ovn-bgp-agent-rootwrap command filters for scripts
|
|
# This file should be owned by (and only-writable by) the root user
|
|
|
|
[Filters]
|
|
# privileged/__init__.py: priv_context.PrivContext(default)
|
|
# This line ties the superuser privs with the config files, context name,
|
|
# and (implicitly) the actual python code invoked.
|
|
privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, ovn_bgp_agent.privileged.default, --privsep_sock_path, /tmp/.*
|
|
|
|
ovs-vsctl: CommandFilter, ovs-vsctl, root
|
|
sysctl: CommandFilter, sysctl, root
|
|
ip: IpFilter, ip, root
|
|
vtysh: CommandFilter, vtysh, root
|