diff options
| author | Chaozhe.Chen <chaozhe.chen@easystack.cn> | 2016-02-22 13:52:38 +0800 |
|---|---|---|
| committer | Chaozhe.Chen <chaozhe.chen@easystack.cn> | 2016-02-22 13:52:38 +0800 |
| commit | 58389f1822159d495f92ef4b99325c1fa7cc7c70 (patch) | |
| tree | 70c4e19cbd6678be40c199163d6b638c6dc79e2d /etc | |
| parent | 08433892d152b8e5ff6271d08e3283c0e881fc6f (diff) | |
| download | ceilometer-58389f1822159d495f92ef4b99325c1fa7cc7c70.tar.gz | |
Add /usr/local/{sbin,bin} to rootwrap exec_dirs
I noticed that nova, neutron and cinder's rootwrap exec_dirs include
/usr/local/{sbin,bin} which is a standardised location for admins to
install non-distro executables, and these executables are no less
"trustworthy" than /usr/bin and friends. See neutron and cinder's
rootwrap.conf (and probably others), and typical distro default values
for sudoers/secure_path for extremely similar precedents that all include
/usr/local/*bin.
See the same patch of nova for more information:
https://review.openstack.org/#/c/280052/1
And see I710cf142b834381c00e651cfc062299ae755c33f for brief discussion
of doing this via devstack before.
Change-Id: If5ed1d7d81fdac10fc2b1608aafe20833e0f2980
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/ceilometer/rootwrap.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/ceilometer/rootwrap.conf b/etc/ceilometer/rootwrap.conf index c79065c7..f5d90d20 100644 --- a/etc/ceilometer/rootwrap.conf +++ b/etc/ceilometer/rootwrap.conf @@ -10,7 +10,7 @@ filters_path=/etc/ceilometer/rootwrap.d,/usr/share/ceilometer/rootwrap # explicitely specify a full path (separated by ',') # If not specified, defaults to system PATH environment variable. # These directories MUST all be only writeable by root ! -exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin +exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin # Enable logging to syslog # Default value is False |