"ping"/"ping6" command support in rootwrap filters

To have correct support in rootwrap, "ping"/"ping6" command should
have the correct filters in rootwrap.

Because "ping" command is harmless, "CommandFilter" is used to allow
any binary call, regardless of the parameters used and the order.

Nevertheless, this patch also proposes to use "ping"/"ping6" with
the same parameters and a specific order, to help in the debug
process:
- ping[6] -W <timeout> <address>
- ping[6] -W <timeout> -c <count> <address>
- ping[6] -W <timeout> -c <count> -i <interval> <address>

Those commands could be called from inside a namespace. The needed
filter is also added in this patch.

Change-Id: Ie5cbc0dcc76672b26cd2605f08cfd17a30b4c905
Closes-Bug: #1863006

1 files changed, 4 insertions, 4 deletions

diff --git a/etc/neutron/rootwrap.d/debug.filters b/etc/neutron/rootwrap.d/debug.filters
index 86e3041604..2fc1ae4ebd 100644
--- a/etc/neutron/rootwrap.d/debug.filters
+++ b/etc/neutron/rootwrap.d/debug.filters
@@ -12,10 +12,10 @@
 # from inside a namespace which requires root
 # _alt variants allow to match -c and -w in any order
 #   (used by NeutronDebugAgent.ping_all)
-ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
-ping_alt: RegExpFilter, ping, root, ping, -c, \d+, -w, \d+, [0-9\.]+
-ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
-ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
+ping: CommandFilter, ping, root
+ping6: CommandFilter, ping6, root
+ping_exec: IpNetnsExecFilter, ping, root
+ping6_exec: IpNetnsExecFilter, ping6, root
 
 # "sleep" command, only for testing
 sleep: RegExpFilter, sleep, root, sleep, \d+