From db364347408cbf55740259c6be33ee5574d30560 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dirk@dmllr.de>
Date: Sat, 18 May 2013 17:13:02 +0200
Subject: [PATCH] Add _usr variants for iptables rootwraps

On SUSE, the paths are inside /usr for totally
weird reasons.

Fixes bug #1156044

Change-Id: I7f98359f89236891289fc24d62949d7097d774dd
---
 etc/quantum/rootwrap.d/iptables-firewall.filters | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/etc/quantum/rootwrap.d/iptables-firewall.filters b/etc/quantum/rootwrap.d/iptables-firewall.filters
index 2049e0e9f..1d32f42a3 100644
--- a/etc/quantum/rootwrap.d/iptables-firewall.filters
+++ b/etc/quantum/rootwrap.d/iptables-firewall.filters
@@ -11,11 +11,17 @@
 # quantum/agent/linux/iptables_manager.py
 #   "iptables-save", ...
 iptables-save: CommandFilter, /sbin/iptables-save, root
+iptables-save_usr: CommandFilter, /usr/sbin/iptables-save, root
 iptables-restore: CommandFilter, /sbin/iptables-restore, root
+iptables-restore_usr: CommandFilter, /usr/sbin/iptables-restore, root
 ip6tables-save: CommandFilter, /sbin/ip6tables-save, root
+ip6tables-save_usr: CommandFilter, /usr/sbin/ip6tables-save, root
 ip6tables-restore: CommandFilter, /sbin/ip6tables-restore, root
+ip6tables-restore_usr: CommandFilter, /usr/sbin/ip6tables-restore, root
 
 # quantum/agent/linux/iptables_manager.py
 #   "iptables", "-A", ...
 iptables: CommandFilter, /sbin/iptables, root
+iptables_usr: CommandFilter, /usr/sbin/iptables, root
 ip6tables: CommandFilter, /sbin/ip6tables, root
+ip6tables_usr: CommandFilter, /usr/sbin/ip6tables, root