diff options
| author | Michael Still <mikal@stillhq.com> | 2017-09-18 23:15:10 +1000 |
|---|---|---|
| committer | Michael Still <mikal@stillhq.com> | 2017-09-18 23:15:10 +1000 |
| commit | e00d8eb7593edb443f18c779b3fedc5bb91d79f8 (patch) | |
| tree | 26a01da37e96d8787768e39754484f515c246c43 /etc | |
| parent | 8ea68a5ebebe9caddbb22ddbb2502a2d7d426e8e (diff) | |
| download | nova-e00d8eb7593edb443f18c779b3fedc5bb91d79f8.tar.gz | |
Squash dac_admin privsep context.
As discussed at the PTG, squash the dac_admin privsep context into
the sysadmin context.
Change-Id: I10142be4baa404835fabebd50f7f976ca6ec402e
blueprint: hurrah-for-privsep
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/nova/rootwrap.d/compute.filters | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/nova/rootwrap.d/compute.filters b/etc/nova/rootwrap.d/compute.filters index 1a6127815d..dcee0c1126 100644 --- a/etc/nova/rootwrap.d/compute.filters +++ b/etc/nova/rootwrap.d/compute.filters @@ -198,10 +198,10 @@ scsi_id: CommandFilter, /lib/udev/scsi_id, root # and (implicitly) the actual python code invoked. privsep-rootwrap-os_brick: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.* -privsep-rootwrap-dac_admin: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, nova.privsep.dac_admin_pctxt, --privsep_sock_path, /tmp/.* - privsep-rootwrap-dacnet_admin: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, nova.privsep.dacnet_admin_pctxt, --privsep_sock_path, /tmp/.* +privsep-rootwrap-sys_admin: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, nova.privsep.sys_admin_pctxt, --privsep_sock_path, /tmp/.* + # nova/virt/libvirt/storage/dmcrypt.py: cryptsetup: CommandFilter, cryptsetup, root |