dhcp.filters needs ovs_vsctl permission

The dhcp agent calls ovs_vsctl so it will fail if using rootwrap and these aren't specified. The reason why this was working using rootwrap before is because there are other filters in etc/quantum/rootwrap.d that specifiy ovs_vsctl which allows the agent to make those calls. Fixes bug 1090072 Change-Id: I509c191c97e7187361a09788e841ebb5a9f934c7
openstack · Dec 13, 2012 · 0e05ddd · 0e05ddd
1 parent 5afac1d
commit 0e05ddd
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/etc/quantum/rootwrap.d/dhcp.filters b/etc/quantum/rootwrap.d/dhcp.filters
@@ -20,6 +20,10 @@ kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
 
 # dhcp-agent uses cat
 cat: RegExpFilter, /bin/cat, root, cat, /proc/\d+/cmdline
+ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root
+ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
+ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
+ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root
 
 # ip_lib
 ip: IpFilter, /sbin/ip, root