openstack/devstack
Code Issues Proposed changes

Add /usr/local/bin to exec_dirs in rootwrap.conf

Browse Source 
devstack installs neutron utilities into /usr/local/bin such as
neutron-keepalived-state-change and neutron-ns-metadata-proxy.
In stead of adding individual filters to allow them to run from that
directory, this patch adds /usr/local/bin into exec_dirs.

Please also refer to I3abd1c173121dc8abb5738d1879db8ac9a98b690 for
discussion on the approach to fix the bug.

Change-Id: Iade8b5b09bb53018485c85f8372fb94dbc2ad2da
Closes-Bug: 1435971
This commit is contained in:
Robert Li 2015-04-21 15:48:22 -04:00
parent cd7655cbfc
commit 2c5d462d91
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/neutron-legacy
View File

@ -1145,6 +1145,8 @@ function _neutron_setup_rootwrap {
sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
fi
sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
sudo sed -e 's:^exec_dirs=\(.*\)$:exec_dirs=\1,/usr/local/bin:' -i $Q_RR_CONF_FILE
# Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
ROOTWRAP_SUDOER_CMD="$NEUTRON_ROOTWRAP $Q_RR_CONF_FILE *"
ROOTWRAP_DAEMON_SUDOER_CMD="$NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"