From 6ab3f196883b83bec284363b87fe5d1d1d831bb5 Mon Sep 17 00:00:00 2001
From: Mohammed Naser
Date: Mon, 13 Jan 2020 19:35:33 -0500
Subject: [PATCH] Update vpnaas rootwrap filters

The vpnaas rootwrap filters are out of date and therefore not functional on the latest release of OpenStack Ansible. This updates and adds all the missing ones so that it becomes functional again.

Change-Id: Iadcb4c7451cd51526dfd96b305a9d0b1948ce8da
---
 files/rootwrap.d/vpnaas.filters | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/files/rootwrap.d/vpnaas.filters b/files/rootwrap.d/vpnaas.filters
index 4d72d7df..846ac2d1 100644
--- a/files/rootwrap.d/vpnaas.filters
+++ b/files/rootwrap.d/vpnaas.filters
@@ -1,7 +1,7 @@
 # neutron-rootwrap command filters for nodes on which neutron is
 # expected to control network
 #
-# This file should be owned by (and only-writeable by) the root user
+# This file should be owned by (and only-writable by) the root user
 
 # format seems to be
 # cmd-name: filter-name, raw-command, user, args
@@ -13,7 +13,8 @@ ip: IpFilter, ip, root
 ip_exec: IpNetnsExecFilter, ip, root
 ipsec: CommandFilter, ipsec, root
 rm: RegExpFilter, rm, root, rm, -rf, (.*/strongswan.d|.*/ipsec/[0-9a-z-]+)
+rm_file: RegExpFilter, rm, root, rm, -f, .*/ipsec.secrets
 strongswan: CommandFilter, strongswan, root
 neutron_netns_wrapper: CommandFilter, neutron-vpn-netns-wrapper, root
 neutron_netns_wrapper_local: CommandFilter, /usr/local/bin/neutron-vpn-netns-wrapper, root
-chown: RegExpFilter, chown, root, chown, --from=.*, root.root, .*/ipsec.secrets
+chown: RegExpFilter, chown, root, chown, --from=.*, root.root, .*/(ipsec.secrets|ipsec/[0-9a-z-]+/log)
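Review bot: The new `rm_file` filter and the widened `chown` filter in the second hunk both open their path pattern with `.*/` and leave the dot in `ipsec.secrets` unescaped, so the root-run command is permitted on any path with a matching tail rather than only on files under the VPN service's own state directory. For `rm_file` this means the neutron service account can have root delete a matching file anywhere on the host, which is broader than the per-process cleanup the commit message implies. Consider anchoring both patterns to the deployment's state path and escaping the dot, e.g. `rm_file: RegExpFilter, rm, root, rm, -f, <VPN_STATE_DIR>/.*/ipsec\.secrets` (the prefix is a placeholder, not a path taken from this repository), with the same prefix and `ipsec\.secrets` in the `chown` alternation. The pre-existing `rm -rf` rule has the same open prefix; it is outside this change but would be worth tightening alongside it.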