[neutron] Update rootwrap filters to support python3 applications
There are the changes here 1. extend current kill_metadata filter for python3 versions 2. add kill_keepalived_monitor filters (introduced for neutron with https://review.opendev.org/#/c/636710/ ) Change-Id: If82db83bdb3bd8bebeb15382079b538fd8019376
This commit is contained in:
parent
47cb52b67c
commit
83fbb31192
@ -1182,6 +1182,10 @@ conf:
|
|||||||
kill_metadata: KillFilter, root, python, -15, -9
|
kill_metadata: KillFilter, root, python, -15, -9
|
||||||
kill_metadata2: KillFilter, root, python2, -15, -9
|
kill_metadata2: KillFilter, root, python2, -15, -9
|
||||||
kill_metadata7: KillFilter, root, python2.7, -15, -9
|
kill_metadata7: KillFilter, root, python2.7, -15, -9
|
||||||
|
kill_metadata3: KillFilter, root, python3, -15, -9
|
||||||
|
kill_metadata35: KillFilter, root, python3.5, -15, -9
|
||||||
|
kill_metadata36: KillFilter, root, python3.6, -15, -9
|
||||||
|
kill_metadata37: KillFilter, root, python3.7, -15, -9
|
||||||
kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP
|
kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP
|
||||||
kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP
|
kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP
|
||||||
|
|
||||||
@ -1213,13 +1217,24 @@ conf:
|
|||||||
|
|
||||||
# Keepalived
|
# Keepalived
|
||||||
keepalived: CommandFilter, keepalived, root
|
keepalived: CommandFilter, keepalived, root
|
||||||
kill_keepalived: KillFilter, root, /usr/sbin/keepalived, -HUP, -15, -9
|
kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9
|
||||||
|
|
||||||
# l3 agent to delete floatingip's conntrack state
|
# l3 agent to delete floatingip's conntrack state
|
||||||
conntrack: CommandFilter, conntrack, root
|
conntrack: CommandFilter, conntrack, root
|
||||||
|
|
||||||
# keepalived state change monitor
|
# keepalived state change monitor
|
||||||
keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
|
keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
|
||||||
|
# The following filters are used to kill the keepalived state change monitor.
|
||||||
|
# Since the monitor runs as a Python script, the system reports that the
|
||||||
|
# command of the process to be killed is python.
|
||||||
|
# TODO(mlavalle) These kill filters will be updated once we come up with a
|
||||||
|
# mechanism to kill using the name of the script being executed by Python
|
||||||
|
kill_keepalived_monitor_py: KillFilter, root, python, -15
|
||||||
|
kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15
|
||||||
|
kill_keepalived_monitor_py3: KillFilter, root, python3, -15
|
||||||
|
kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15
|
||||||
|
kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15
|
||||||
|
kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15
|
||||||
netns_cleanup:
|
netns_cleanup:
|
||||||
pods:
|
pods:
|
||||||
- dhcp_agent
|
- dhcp_agent
|
||||||
@ -1280,6 +1295,10 @@ conf:
|
|||||||
kill_metadata: KillFilter, root, python, -9
|
kill_metadata: KillFilter, root, python, -9
|
||||||
kill_metadata2: KillFilter, root, python2, -9
|
kill_metadata2: KillFilter, root, python2, -9
|
||||||
kill_metadata7: KillFilter, root, python2.7, -9
|
kill_metadata7: KillFilter, root, python2.7, -9
|
||||||
|
kill_metadata3: KillFilter, root, python3, -9
|
||||||
|
kill_metadata35: KillFilter, root, python3.5, -9
|
||||||
|
kill_metadata36: KillFilter, root, python3.6, -9
|
||||||
|
kill_metadata37: KillFilter, root, python3.7, -9
|
||||||
|
|
||||||
# ip_lib
|
# ip_lib
|
||||||
ip: IpFilter, ip, root
|
ip: IpFilter, ip, root
|
||||||
|
Loading…
Reference in New Issue
Block a user