From 0c3d3c48a73f97cb5924a5fbfce9726a7097ae2e Mon Sep 17 00:00:00 2001 From: Edan David Date: Mon, 6 Nov 2017 08:20:52 -0500 Subject: [PATCH] Enable bridge command for openvswitch agent Allow ovs agent to run bridge command. This is necessary because FDB extension uses bridge to update the FDB table. Closes-Bug: #1730407 Change-Id: I0897f1efcf36fc7f6f06e80c3b29c0e1fa14b141 (cherry picked from commit c6d8ccb640b2c724c575c640ea044a5d3c711e2e) --- etc/neutron/rootwrap.d/openvswitch-plugin.filters | 3 +++ ...ridge-command-openvswitch-agent-d07c0b59ea9f864f.yaml | 9 +++++++++ 2 files changed, 12 insertions(+) create mode 100644 releasenotes/notes/enable-bridge-command-openvswitch-agent-d07c0b59ea9f864f.yaml diff --git a/etc/neutron/rootwrap.d/openvswitch-plugin.filters b/etc/neutron/rootwrap.d/openvswitch-plugin.filters index 89c44dd4197..e5290243be8 100644 --- a/etc/neutron/rootwrap.d/openvswitch-plugin.filters +++ b/etc/neutron/rootwrap.d/openvswitch-plugin.filters @@ -21,3 +21,6 @@ ovsdb-client: CommandFilter, ovsdb-client, root ip: IpFilter, ip, root find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.* ip_exec: IpNetnsExecFilter, ip, root + +# needed for FDB extension +bridge: CommandFilter, bridge, root diff --git a/releasenotes/notes/enable-bridge-command-openvswitch-agent-d07c0b59ea9f864f.yaml b/releasenotes/notes/enable-bridge-command-openvswitch-agent-d07c0b59ea9f864f.yaml new file mode 100644 index 00000000000..8c890dadb3f --- /dev/null +++ b/releasenotes/notes/enable-bridge-command-openvswitch-agent-d07c0b59ea9f864f.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + The Openvswitch agent has an extension called ``fdb`` that uses + the Linux ``bridge`` command. + The ``bridge`` command has been added to the + rootwrap openvswitch-plugin.filters file. + For more information, see bug: + `1730407 `_