Merge "Support rootwrap sysctl and conntrack commands for non-l3 nodes"

2016-01-08 11:59:07 +00:00 · 2016-01-08 11:59:07 +00:00 · b6a2a659e4
commit b6a2a659e4
parent 0d77401ceb 0d5d014955
1 changed files with 7 additions and 0 deletions
--- a/etc/neutron/rootwrap.d/iptables-firewall.filters
+++ b/etc/neutron/rootwrap.d/iptables-firewall.filters
@ -19,3 +19,10 @@ ip6tables-restore: CommandFilter, ip6tables-restore, root
 #   "iptables", "-A", ...
 iptables: CommandFilter, iptables, root
 ip6tables: CommandFilter, ip6tables, root
+
+# neutron/agent/linux/iptables_manager.py
+#   "sysctl", "-w", ...
+sysctl: CommandFilter, sysctl, root
+
+# neutron/agent/linux/ip_conntrack.py
+conntrack: CommandFilter, conntrack, root