From de17bd6b7724e82c5905cf1e4f8ba5551ca641e0 Mon Sep 17 00:00:00 2001
From: Andy McCrae <andy.mccrae@gmail.com>
Date: Fri, 26 May 2017 14:10:05 +0100
Subject: [PATCH] Update paste, policy and rootwrap configurations 2017-05-26

Change-Id: Ide7712021d773e9001831a46bb7c353a3f9f381b
---
 files/rootwrap.d/volume.filters | 27 +++++++++++++--------------
 templates/rootwrap.conf.j2      |  2 +-
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/files/rootwrap.d/volume.filters b/files/rootwrap.d/volume.filters
index 1826fc21..64953405 100644
--- a/files/rootwrap.d/volume.filters
+++ b/files/rootwrap.d/volume.filters
@@ -129,7 +129,6 @@ netapp_nfs_touch: CommandFilter, touch, root
 # cinder/volume/drivers/glusterfs.py
 chgrp: CommandFilter, chgrp, root
 umount: CommandFilter, umount, root
-fallocate: CommandFilter, fallocate, root
 
 # cinder/volumes/drivers/hds/hds.py:
 hus-cmd: CommandFilter, hus-cmd, root
@@ -154,20 +153,20 @@ mv: CommandFilter, mv, root
 
 # cinder/volume/drivers/ibm/gpfs.py
 cp: CommandFilter, cp, root
-mmgetstate: CommandFilter, /usr/lpp/mmfs/bin/mmgetstate, root
-mmclone: CommandFilter, /usr/lpp/mmfs/bin/mmclone, root
-mmlsattr: CommandFilter, /usr/lpp/mmfs/bin/mmlsattr, root
-mmchattr: CommandFilter, /usr/lpp/mmfs/bin/mmchattr, root
-mmlsconfig: CommandFilter, /usr/lpp/mmfs/bin/mmlsconfig, root
-mmlsfs: CommandFilter, /usr/lpp/mmfs/bin/mmlsfs, root
-mmlspool: CommandFilter, /usr/lpp/mmfs/bin/mmlspool, root
+mmgetstate: CommandFilter, mmgetstate, root
+mmclone: CommandFilter, mmclone, root
+mmlsattr: CommandFilter, mmlsattr, root
+mmchattr: CommandFilter, mmchattr, root
+mmlsconfig: CommandFilter, mmlsconfig, root
+mmlsfs: CommandFilter, mmlsfs, root
+mmlspool: CommandFilter, mmlspool, root
 mkfs: CommandFilter, mkfs, root
-mmcrfileset: CommandFilter, /usr/lpp/mmfs/bin/mmcrfileset, root
-mmlinkfileset: CommandFilter, /usr/lpp/mmfs/bin/mmlinkfileset, root
-mmunlinkfileset: CommandFilter, /usr/lpp/mmfs/bin/mmunlinkfileset, root
-mmdelfileset: CommandFilter, /usr/lpp/mmfs/bin/mmdelfileset, root
-mmcrsnapshot: CommandFilter, /usr/lpp/mmfs/bin/mmcrsnapshot, root
-mmdelsnapshot: CommandFilter, /usr/lpp/mmfs/bin/mmdelsnapshot, root
+mmcrfileset: CommandFilter, mmcrfileset, root
+mmlinkfileset: CommandFilter, mmlinkfileset, root
+mmunlinkfileset: CommandFilter, mmunlinkfileset, root
+mmdelfileset: CommandFilter, mmdelfileset, root
+mmcrsnapshot: CommandFilter, mmcrsnapshot, root
+mmdelsnapshot: CommandFilter, mmdelsnapshot, root
 
 # cinder/volume/drivers/ibm/gpfs.py
 # cinder/volume/drivers/ibm/ibmnas.py
diff --git a/templates/rootwrap.conf.j2 b/templates/rootwrap.conf.j2
index 8ec5bde4..54e8d284 100644
--- a/templates/rootwrap.conf.j2
+++ b/templates/rootwrap.conf.j2
@@ -10,7 +10,7 @@ filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
 # explicitely specify a full path (separated by ',')
 # If not specified, defaults to system PATH environment variable.
 # These directories MUST all be only writeable by root !
-exec_dirs={{ cinder_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
+exec_dirs={{ cinder_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/usr/lpp/mmfs/bin
 
 # Enable logging to syslog
 # Default value is False