Privsep configuration for neutron-fwaas
This patch adds fwaas-privsep.filters to the FWaaS repository so that it is easier to maintain. It also helps avoid making Neutron inversely dependent on FWaaS when performing privsep configuration, as in https://review.openstack.org/#/c/392014/.
Change-Id: I71308130fbcc861a167371339c89a47410b8d09a
parent
d2938b2471
commit
27b0fff119
|
@ -55,6 +55,8 @@ function init_fwaas() {
|
||||||
mkdir /etc/neutron/policy.d
|
mkdir /etc/neutron/policy.d
|
||||||
fi
|
fi
|
||||||
cp $DEST/neutron-fwaas/etc/neutron/policy.d/neutron-fwaas.json /etc/neutron/policy.d/neutron-fwaas.json
|
cp $DEST/neutron-fwaas/etc/neutron/policy.d/neutron-fwaas.json /etc/neutron/policy.d/neutron-fwaas.json
|
||||||
|
# Using sudo to gain the root privilege to be able to copy file to rootwrap.d
|
||||||
|
sudo cp $DEST/neutron-fwaas/etc/neutron/rootwrap.d/fwaas-privsep.filters /etc/neutron/rootwrap.d/fwaas-privsep.filters
|
||||||
}
|
}
|
||||||
|
|
||||||
function shutdown_fwaas() {
|
function shutdown_fwaas() {
|
||||||
|
|
|
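Review bot: the added `sudo cp ... /etc/neutron/rootwrap.d/fwaas-privsep.filters` leaves the owner and mode of the installed filter file to cp's defaults, although the file's own header says it should be owned by and only writeable by the root user. If a file already exists at the destination, cp keeps that file's owner and mode, so a permissive leftover stays permissive. Setting them explicitly, for example with `sudo install -o root -g root -m 644 <src> <dst>`, would make the requirement hold on every run. Two smaller points on the same line: `$DEST` is unquoted, and nothing in the hunk creates /etc/neutron/rootwrap.d the way the lines above create /etc/neutron/policy.d, so the copy fails if that directory is missing.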
@ -0,0 +1,7 @@
|
||||||
|
# neutron-fwaas privsep filters
|
||||||
|
|
||||||
|
# This file should be owned by (and only-writeable by) the root user
|
||||||
|
|
||||||
|
[Filters]
|
||||||
|
|
||||||
|
privsep-rootwrap: PathFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, neutron_fwaas.privileged.default
|
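Review bot: the `privsep-rootwrap` line uses `PathFilter` but passes `/etc/(?!\.\.).*`, which is regular-expression syntax. oslo.rootwrap's PathFilter treats an argument starting with `/` as a base directory that the resolved path must sit under, not as a pattern, so this entry will not match a `--config-file` value under /etc as intended. If pattern matching is what is wanted, `RegExpFilter` is the class that interprets it. Note also that, read as a regex, `(?!\.\.)` only rejects `..` directly after `/etc/`, so a value such as `/etc/x/../../y` would still pass; a tighter pattern or a fixed config path would close that. Finally, the filter allows exactly one `--config-file` and `--privsep_context`, so any additional argument on the privsep-helper command line will cause the filter to reject the call; please confirm this matches the command the daemon actually issues.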