Add rootwrap filters for ofagent

neutron-ofagent-agent currently relies on the fact the rootwrap filters for neutron-openvswitch-agent covers what it needs. as they are independent agents and their requirements are getting more different, introduce a dedicated rootwrap filters for ofagent. Closes-Bug: #1392560 Change-Id: Iba205260a238431432caf8d9697268ceeef85eca
2014-11-10 14:23:30 +09:00 · 2014-11-10 14:23:30 +09:00 · 752af596ac
commit 752af596ac
parent 656c15c101
2 changed files with 17 additions and 0 deletions
--- a/etc/neutron/rootwrap.d/ofagent.filters
+++ b/etc/neutron/rootwrap.d/ofagent.filters
@ -0,0 +1,16 @@
+# neutron-rootwrap command filters for nodes on which
+# neutron-ofagent-agent is expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# ovs_lib
+ovs-vsctl: CommandFilter, ovs-vsctl, root
+
+# ip_lib
+ip: IpFilter, ip, root
+ip_exec: IpNetnsExecFilter, ip, root
--- a/setup.cfg
+++ b/setup.cfg
@ -43,6 +43,7 @@ data_files =
        etc/neutron/rootwrap.d/lbaas-haproxy.filters
        etc/neutron/rootwrap.d/linuxbridge-plugin.filters
        etc/neutron/rootwrap.d/nec-plugin.filters
+        etc/neutron/rootwrap.d/ofagent.filters
        etc/neutron/rootwrap.d/openvswitch-plugin.filters
        etc/neutron/rootwrap.d/ryu-plugin.filters
        etc/neutron/rootwrap.d/vpnaas.filters