Update paste, policy and rootwrap configurations 2017-03-16
Change-Id: I616327635d2796ebec37905f63414d786c2d0591
This commit is contained in:
parent
847ffa8d17
commit
4783d52ecd
@ -22,9 +22,13 @@ mm-ctl: CommandFilter, mm-ctl, root
|
|||||||
dhcp_release: CommandFilter, dhcp_release, root
|
dhcp_release: CommandFilter, dhcp_release, root
|
||||||
dhcp_release6: CommandFilter, dhcp_release6, root
|
dhcp_release6: CommandFilter, dhcp_release6, root
|
||||||
|
|
||||||
# metadata proxy
|
# haproxy
|
||||||
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
|
haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
|
||||||
|
kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP
|
||||||
# RHEL invocation of the metadata proxy will report /usr/bin/python
|
# RHEL invocation of the metadata proxy will report /usr/bin/python
|
||||||
|
# TODO(dalvarez): Remove kill_metadata* filters in Q release since
|
||||||
|
# neutron-ns-metadata-proxy is now replaced by haproxy. We keep them for now
|
||||||
|
# for the migration process
|
||||||
kill_metadata: KillFilter, root, python, -9
|
kill_metadata: KillFilter, root, python, -9
|
||||||
kill_metadata7: KillFilter, root, python2.7, -9
|
kill_metadata7: KillFilter, root, python2.7, -9
|
||||||
kill_metadata35: KillFilter, root, python3.5, -9
|
kill_metadata35: KillFilter, root, python3.5, -9
|
||||||
|
@ -14,3 +14,4 @@
|
|||||||
|
|
||||||
# prefix_delegation_agent
|
# prefix_delegation_agent
|
||||||
dibbler-client: CommandFilter, dibbler-client, root
|
dibbler-client: CommandFilter, dibbler-client, root
|
||||||
|
kill_dibbler-client: KillFilter, root, dibbler-client, -9
|
||||||
|
@ -20,8 +20,5 @@ ip6tables-restore: CommandFilter, ip6tables-restore, root
|
|||||||
iptables: CommandFilter, iptables, root
|
iptables: CommandFilter, iptables, root
|
||||||
ip6tables: CommandFilter, ip6tables, root
|
ip6tables: CommandFilter, ip6tables, root
|
||||||
|
|
||||||
# neutron/agent/linux/iptables_firewall.py
|
|
||||||
sysctl: CommandFilter, sysctl, root
|
|
||||||
|
|
||||||
# neutron/agent/linux/ip_conntrack.py
|
# neutron/agent/linux/ip_conntrack.py
|
||||||
conntrack: CommandFilter, conntrack, root
|
conntrack: CommandFilter, conntrack, root
|
||||||
|
@ -16,9 +16,13 @@ sysctl: CommandFilter, sysctl, root
|
|||||||
route: CommandFilter, route, root
|
route: CommandFilter, route, root
|
||||||
radvd: CommandFilter, radvd, root
|
radvd: CommandFilter, radvd, root
|
||||||
|
|
||||||
# metadata proxy
|
# haproxy
|
||||||
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
|
haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
|
||||||
|
kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP
|
||||||
# RHEL invocation of the metadata proxy will report /usr/bin/python
|
# RHEL invocation of the metadata proxy will report /usr/bin/python
|
||||||
|
# TODO(dalvarez): Remove kill_metadata* filters in Q release since
|
||||||
|
# neutron-ns-metadata-proxy is now replaced by haproxy. We keep them for now
|
||||||
|
# for the migration process
|
||||||
kill_metadata: KillFilter, root, python, -15, -9
|
kill_metadata: KillFilter, root, python, -15, -9
|
||||||
kill_metadata7: KillFilter, root, python2.7, -15, -9
|
kill_metadata7: KillFilter, root, python2.7, -15, -9
|
||||||
kill_metadata35: KillFilter, root, python3.5, -15, -9
|
kill_metadata35: KillFilter, root, python3.5, -15, -9
|
||||||
|
Loading…
x
Reference in New Issue
Block a user