[neutron] Update rootwrap filters to support python3 applications

There are the changes here

1. extend current kill_metadata filter for python3 versions

2. add kill_keepalived_monitor filters (introduced for neutron with
  https://review.opendev.org/#/c/636710/ )

Change-Id: If82db83bdb3bd8bebeb15382079b538fd8019376
This commit is contained in:
Jiří Suchomel 2019-06-10 12:52:45 +02:00
parent 47cb52b67c
commit 83fbb31192

View File

@ -1182,6 +1182,10 @@ conf:
kill_metadata: KillFilter, root, python, -15, -9 kill_metadata: KillFilter, root, python, -15, -9
kill_metadata2: KillFilter, root, python2, -15, -9 kill_metadata2: KillFilter, root, python2, -15, -9
kill_metadata7: KillFilter, root, python2.7, -15, -9 kill_metadata7: KillFilter, root, python2.7, -15, -9
kill_metadata3: KillFilter, root, python3, -15, -9
kill_metadata35: KillFilter, root, python3.5, -15, -9
kill_metadata36: KillFilter, root, python3.6, -15, -9
kill_metadata37: KillFilter, root, python3.7, -15, -9
kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP
kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP
@ -1213,13 +1217,24 @@ conf:
# Keepalived # Keepalived
keepalived: CommandFilter, keepalived, root keepalived: CommandFilter, keepalived, root
kill_keepalived: KillFilter, root, /usr/sbin/keepalived, -HUP, -15, -9 kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9
# l3 agent to delete floatingip's conntrack state # l3 agent to delete floatingip's conntrack state
conntrack: CommandFilter, conntrack, root conntrack: CommandFilter, conntrack, root
# keepalived state change monitor # keepalived state change monitor
keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
# The following filters are used to kill the keepalived state change monitor.
# Since the monitor runs as a Python script, the system reports that the
# command of the process to be killed is python.
# TODO(mlavalle) These kill filters will be updated once we come up with a
# mechanism to kill using the name of the script being executed by Python
kill_keepalived_monitor_py: KillFilter, root, python, -15
kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15
kill_keepalived_monitor_py3: KillFilter, root, python3, -15
kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15
kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15
kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15
netns_cleanup: netns_cleanup:
pods: pods:
- dhcp_agent - dhcp_agent
@ -1280,6 +1295,10 @@ conf:
kill_metadata: KillFilter, root, python, -9 kill_metadata: KillFilter, root, python, -9
kill_metadata2: KillFilter, root, python2, -9 kill_metadata2: KillFilter, root, python2, -9
kill_metadata7: KillFilter, root, python2.7, -9 kill_metadata7: KillFilter, root, python2.7, -9
kill_metadata3: KillFilter, root, python3, -9
kill_metadata35: KillFilter, root, python3.5, -9
kill_metadata36: KillFilter, root, python3.6, -9
kill_metadata37: KillFilter, root, python3.7, -9
# ip_lib # ip_lib
ip: IpFilter, ip, root ip: IpFilter, ip, root