summaryrefslogtreecommitdiff
path: root/openstack/etc/nova/rootwrap.d/network.filters
diff options
context:
space:
mode:
Diffstat (limited to 'openstack/etc/nova/rootwrap.d/network.filters')
-rw-r--r--openstack/etc/nova/rootwrap.d/network.filters94
1 files changed, 94 insertions, 0 deletions
diff --git a/openstack/etc/nova/rootwrap.d/network.filters b/openstack/etc/nova/rootwrap.d/network.filters
new file mode 100644
index 00000000..568e8d49
--- /dev/null
+++ b/openstack/etc/nova/rootwrap.d/network.filters
@@ -0,0 +1,94 @@
+# nova-rootwrap command filters for network nodes
+# This file should be owned by (and only-writeable by) the root user
+
+[Filters]
+# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
+# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
+# nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
+# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
+# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
+# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
+# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',..
+# nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev)
+# nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1]
+# nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge
+# nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', ..
+# nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',..
+# nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ...
+# nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,..
+# nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up'
+# nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up'
+# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
+# nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, ..
+# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
+# nova/network/linux_net.py: 'ip', 'route', 'add', ..
+# nova/network/linux_net.py: 'ip', 'route', 'del', .
+# nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev
+ip: CommandFilter, ip, root
+
+# nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
+# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
+# nova/network/linux_net.py: 'ovs-vsctl', ....
+ovs-vsctl: CommandFilter, ovs-vsctl, root
+
+# nova/network/linux_net.py: 'ovs-ofctl', ....
+ovs-ofctl: CommandFilter, ovs-ofctl, root
+
+# nova/virt/libvirt/vif.py: 'ivs-ctl', ...
+# nova/virt/libvirt/vif.py: 'ivs-ctl', 'del-port', ...
+# nova/network/linux_net.py: 'ivs-ctl', ....
+ivs-ctl: CommandFilter, ivs-ctl, root
+
+# nova/virt/libvirt/vif.py: 'ifc_ctl', ...
+ifc_ctl: CommandFilter, /opt/pg/bin/ifc_ctl, root
+
+# nova/virt/libvirt/vif.py: 'ebrctl', ...
+ebrctl: CommandFilter, ebrctl, root
+
+# nova/virt/libvirt/vif.py: 'mm-ctl', ...
+mm-ctl: CommandFilter, mm-ctl, root
+
+# nova/network/linux_net.py: 'ebtables', '-D' ...
+# nova/network/linux_net.py: 'ebtables', '-I' ...
+ebtables: CommandFilter, ebtables, root
+ebtables_usr: CommandFilter, ebtables, root
+
+# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
+iptables-save: CommandFilter, iptables-save, root
+ip6tables-save: CommandFilter, ip6tables-save, root
+
+# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
+iptables-restore: CommandFilter, iptables-restore, root
+ip6tables-restore: CommandFilter, ip6tables-restore, root
+
+# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
+# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
+arping: CommandFilter, arping, root
+
+# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
+dhcp_release: CommandFilter, dhcp_release, root
+
+# nova/network/linux_net.py: 'kill', '-9', pid
+# nova/network/linux_net.py: 'kill', '-HUP', pid
+kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
+
+# nova/network/linux_net.py: 'kill', pid
+kill_radvd: KillFilter, root, /usr/sbin/radvd
+
+# nova/network/linux_net.py: dnsmasq call
+dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq
+
+# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'..
+radvd: CommandFilter, radvd, root
+
+# nova/network/linux_net.py: 'brctl', 'addbr', bridge
+# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
+# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
+# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
+brctl: CommandFilter, brctl, root
+
+# nova/network/linux_net.py: 'sysctl', ....
+sysctl: CommandFilter, sysctl, root
+
+# nova/network/linux_net.py: 'conntrack'
+conntrack: CommandFilter, conntrack, root
View Lorry Controller Status