Implement conntrack command privsep context
This context has only "CAP_NET_ADMIN" capability. Story: #2007686 Task: #42240 Change-Id: I8522c9c1e2243ea471d51fa50d04db476655e6d0
parent
3cee5f7201
commit
f616f84e95
|
@ -54,3 +54,11 @@ namespace_cmd = priv_context.PrivContext(
|
|||
pypath=__name__ + '.namespace_cmd',
|
||||
capabilities=[caps.CAP_SYS_ADMIN]
|
||||
)
|
||||
|
||||
|
||||
conntrack_cmd = priv_context.PrivContext(
|
||||
__name__,
|
||||
cfg_section='privsep_conntrack',
|
||||
pypath=__name__ + '.conntrack_cmd',
|
||||
capabilities=[caps.CAP_NET_ADMIN]
|
||||
)
|
||||
|
|
|
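Review bot: The new `conntrack_cmd` context introduces a config section, `privsep_conntrack`, that nothing visible on this page documents. oslo.privsep reads per-section options such as `helper_command` from that section, so deployments that pin the helper per context presumably need a matching entry before the daemon for this context can start; a release note or sample-config update would make that explicit. I would also add a comment above the definition recording the intent, e.g. `# conntrack operations are expected to need CAP_NET_ADMIN only; keep this list minimal.`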
@ -263,7 +263,7 @@ def _parse_entry(entry, ipversion, zone):
|
|||
return tuple(parsed_entry)
|
||||
|
||||
|
||||
@privileged.default.entrypoint
|
||||
@privileged.conntrack_cmd.entrypoint
|
||||
def list_entries(zone):
|
||||
"""List and parse all conntrack entries in zone
|
||||
|
||||
|
@ -289,7 +289,7 @@ def list_entries(zone):
|
|||
return sorted(parsed_entries, key=lambda x: x[3])
|
||||
|
||||
|
||||
@privileged.default.entrypoint
|
||||
@privileged.conntrack_cmd.entrypoint
|
||||
def delete_entries(entries):
|
||||
"""Delete selected entries
|
||||
|
||||
|
|
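Review bot: Moving `list_entries` and `delete_entries` from `privileged.default` to `privileged.conntrack_cmd` means their bodies now run with CAP_NET_ADMIN only, and both bodies lie outside these hunks, so that cannot be checked from here. If either body relied on another capability that the default context grants, the failure would presumably appear only when the entrypoint is called, as a permission error inside the privsep daemon. A functional test that calls both entrypoints through the new context would confirm the reduced set is sufficient. A line in each docstring, such as `Runs in the conntrack_cmd privsep context (CAP_NET_ADMIN only).`, would warn later editors against adding calls that need more.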