Diffstat (limited to 'etc')
-rw-r--r--etc/rootwrap.conf27
-rw-r--r--etc/rootwrap.d/glance_cinder_store.filters29
2 files changed, 56 insertions, 0 deletions
diff --git a/etc/rootwrap.conf b/etc/rootwrap.conf
new file mode 100644
index 0000000..c376050
--- /dev/null
+++ b/etc/rootwrap.conf
@@ -0,0 +1,27 @@
+# Configuration for glance-rootwrap
+# This file should be owned by (and only-writeable by) the root user
+
+[DEFAULT]
+# List of directories to load filter definitions from (separated by ',').
+# These directories MUST all be only writeable by root !
+filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap
+
+# List of directories to search executables in, in case filters do not
+# explicitely specify a full path (separated by ',')
+# If not specified, defaults to system PATH environment variable.
+# These directories MUST all be only writeable by root !
+exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
+
+# Enable logging to syslog
+# Default value is False
+use_syslog=False
+
+# Which syslog facility to use.
+# Valid values include auth, authpriv, syslog, local0, local1...
+# Default value is 'syslog'
+syslog_log_facility=syslog
+
+# Which messages to log.
+# INFO means log all usage
+# ERROR means only log unsuccessful attempts
+syslog_log_level=ERROR
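Review bot: With `use_syslog=False` and `syslog_log_level=ERROR` as the shipped values, successful commands run as root through glance-rootwrap leave no log record, which makes later review of privileged activity hard. I would default to `use_syslog=True`, `syslog_log_facility=authpriv` and `syslog_log_level=INFO`, or at least state in the comment that INFO is the setting needed for an audit trail. Separately, `exec_dirs` includes `/usr/local/bin` and `/usr/local/sbin`, which on some distributions are group-writable; the root-only requirement in the comment should be verified at install time, or those two entries dropped.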
diff --git a/etc/rootwrap.d/glance_cinder_store.filters b/etc/rootwrap.d/glance_cinder_store.filters
new file mode 100644
index 0000000..2e3c92f
--- /dev/null
+++ b/etc/rootwrap.d/glance_cinder_store.filters
@@ -0,0 +1,29 @@
+# glance-rootwrap command filters for glance cinder store
+# This file should be owned by (and only-writeable by) the root user
+
+[Filters]
+# cinder store driver
+disk_chown: RegExpFilter, chown, root, chown, \d+, /dev/(?!.*/\.\.).*
+
+# os-brick
+mount: CommandFilter, mount, root
+blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.*
+tee: CommandFilter, tee, root
+mkdir: CommandFilter, mkdir, root
+chown: RegExpFilter, chown, root, chown root:root /etc/pstorage/clusters/(?!.*/\.\.).*
+ip: CommandFilter, ip, root
+dd: CommandFilter, dd, root
+iscsiadm: CommandFilter, iscsiadm, root
+aoe-revalidate: CommandFilter, aoe-revalidate, root
+aoe-discover: CommandFilter, aoe-discover, root
+aoe-flush: CommandFilter, aoe-flush, root
+read_initiator: ReadFileFilter, /etc/iscsi/initiatorname.iscsi
+multipath: CommandFilter, multipath, root
+multipathd: CommandFilter, multipathd, root
+systool: CommandFilter, systool, root
+sg_scan: CommandFilter, sg_scan, root
+cp: CommandFilter, cp, root
+drv_cfg: CommandFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid
+sds_cli: CommandFilter, /usr/local/bin/sds/sds_cli, root
+vgc-cluster: CommandFilter, vgc-cluster, root
+scsi_id: CommandFilter, /lib/udev/scsi_id, root
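Review bot: The bare `CommandFilter` entries for `cp`, `dd`, `tee`, `mkdir`, `mount` and `ip` constrain only the executable and not its arguments, so whatever can invoke glance-rootwrap as the glance service account effectively gets unrestricted root access to files and devices. Where the cinder store needs only specific invocations, these would be safer as `RegExpFilter` lines with per-argument patterns, and the file should be installed only on hosts that actually use this store. For the same reason the trailing `--query_guid` on `drv_cfg` is presumably not enforced; if that is the only call needed, `drv_cfg: RegExpFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid` would pin it. The `chown` line puts the whole command into a single space-separated pattern, which as far as I can tell can never match a three-element argument list; `chown: RegExpFilter, chown, root, chown, root:root, /etc/pstorage/clusters/(?!.*/\.\.).*` looks like the intent.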