Add RHEL8 platform-python to the L3 rootwrap filters

In L3 rootwrap filters we have filter to kill neutron-keepalived-state-change process. As this process is run under python, in commit [1] we added KillFilter rules to allow kill various Python processes. In RHEL8 there are "system" and "user" python versions provided. It is called "platform-python" and is placed in /usr/libexec dir. Details about it are in [2]. So this patch adds to neutron-keepalived-state-change Kill filters also /usr/libexec/platform-python and /usr/libexec/platform-python3.6 to allow killing this process on RHEL8 based OS. [1] https://review.opendev.org/#/c/636710/ [2] https://developers.redhat.com/blog/2018/11/14/python-in-rhel-8/ Change-Id: Iafdaf2c1a6e5c1f5de856ff99e04c72c911c5123
2019-05-17 10:15:45 +02:00 · 2019-05-17 10:15:45 +02:00 · 4597dfc136
commit 4597dfc136
parent 1134b2a44d
1 changed files with 6 additions and 0 deletions
--- a/etc/neutron/rootwrap.d/l3.filters
+++ b/etc/neutron/rootwrap.d/l3.filters
@ -69,3 +69,9 @@ kill_keepalived_monitor_py3: KillFilter, root, python3, -15
 kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15
 kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15
 kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15
+# For e.g. RHEL8 neutron-keepalived-state-change is run by "system python"
+# which is /usr/libexec/platform-python3.6 so this should be in filters also.
+# Path /usr/libexec isn't in PATH by default so it has to be given here as
+# absolute path
+kill_keepalived_monitor_platform_py: KillFilter, root, /usr/libexec/platform-python, -15
+kill_keepalived_monitor_platform_py36: KillFilter, root, /usr/libexec/platform-python3.6, -15