Add missing rootwrap filter for cryptsetup

This change restores the rootwrap filter for cryptsetup that was recently removed by I37ffc90c0bd57029fced251b5cfd7cd4318a0292 from compute.filters, as it is still needed by dmcrypt. Without the rootwrap filter, `cryptsetup` is not authorized to run with root permissions. Change-Id: I5fe3e5d5e5a9694d0dbe5b59248e5eaf89858c62 Closes-Bug: #1688166
author: Jackie Truong <jacklyn.truong@jhuapl.edu> 2017-05-03 23:11:32 -0400
committer: jichenjc <jichenjc@cn.ibm.com> 2017-05-08 10:05:48 +0800
commit: a963aecb4ce91bbb2a2e1e6560e121bc295c36ff (patch)
tree: 356b65daf8f35bcb7f8353be9a0d6eca6d4b081b /etc
parent: c2c6960e374351b3ce1b43a564b57e14b54c4877 (diff)
download: nova-a963aecb4ce91bbb2a2e1e6560e121bc295c36ff.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/nova/rootwrap.d/compute.filters b/etc/nova/rootwrap.d/compute.filters
index f4a774c6b6..a6bc32c10f 100644
--- a/etc/nova/rootwrap.d/compute.filters
+++ b/etc/nova/rootwrap.d/compute.filters
@@ -225,6 +225,9 @@ privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-f
 # nova/storage/linuxscsi.py: sg_scan device
 sg_scan: CommandFilter, sg_scan, root
 
+# nova/virt/libvirt/storage/dmcrypt.py:
+cryptsetup: CommandFilter, cryptsetup, root
+
 # nova/virt/xenapi/vm_utils.py:
 xenstore-read: CommandFilter, xenstore-read, root
author	Jackie Truong <jacklyn.truong@jhuapl.edu>	2017-05-03 23:11:32 -0400
committer	jichenjc <jichenjc@cn.ibm.com>	2017-05-08 10:05:48 +0800
commit	a963aecb4ce91bbb2a2e1e6560e121bc295c36ff (patch)
tree	356b65daf8f35bcb7f8353be9a0d6eca6d4b081b /etc
parent	c2c6960e374351b3ce1b43a564b57e14b54c4877 (diff)
download	nova-a963aecb4ce91bbb2a2e1e6560e121bc295c36ff.tar.gz