spacepaste

Paste details

reply | raw | toggle line wrapping

  1.  
  2. # cinder-rootwrap command filters for volume nodes
  3. # This file should be owned by (and only-writeable by) the root user
  5. [Filters]
  6. # cinder/volume/iscsi.py: iscsi_helper '--op' ...
  7. ietadm: CommandFilter, ietadm, root
  8. tgtadm: CommandFilter, tgtadm, root
  9. iscsictl: CommandFilter, iscsictl, root
  10. tgt-admin: CommandFilter, tgt-admin, root
  11. cinder-rtstool: CommandFilter, cinder-rtstool, root
  12. scstadmin: CommandFilter, scstadmin, root
  14. # LVM related show commands
  15. pvs: EnvFilter, env, root, LC_ALL=C, pvs
  16. vgs: EnvFilter, env, root, LC_ALL=C, vgs
  17. lvs: EnvFilter, env, root, LC_ALL=C, lvs
  18. lvdisplay: EnvFilter, env, root, LC_ALL=C, lvdisplay
  20. # -LVM related show commands with suppress fd warnings
  21. pvs_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, pvs
  22. vgs_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, vgs
  23. lvs_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvs
  24. lvdisplay_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvdisplay
  27. # -LVM related show commands conf var
  28. pvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, pvs
  29. vgs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, vgs
  30. lvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvs
  31. lvdisplay_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvdisplay
  33. # -LVM conf var with suppress fd_warnings
  34. pvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, pvs
  35. vgs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, vgs
  36. lvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvs
  37. lvdisplay_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvdisplay
  39. # os-brick library commands
  40. # os_brick.privileged.run_as_root oslo.privsep context
  41. # This line ties the superuser privs with the config files, context name,
  42. # and (implicitly) the actual python code invoked.
  43. privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*
  44. # The following and any cinder/brick/* entries should all be obsoleted
  45. # by privsep, and may be removed once the os-brick version requirement
  46. # is updated appropriately.
  47. scsi_id: CommandFilter, /lib/udev/scsi_id, root
  48. drbdadm: CommandFilter, drbdadm, root
  50. # cinder/brick/local_dev/lvm.py: 'vgcreate', vg_name, pv_list
  51. vgcreate: CommandFilter, vgcreate, root
  53. # cinder/brick/local_dev/lvm.py: 'lvcreate', '-L', sizestr, '-n', volume_name,..
  54. # cinder/brick/local_dev/lvm.py: 'lvcreate', '-L', ...
  55. lvcreate: EnvFilter, env, root, LC_ALL=C, lvcreate
  56. lvcreate_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvcreate
  57. lvcreate_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvcreate
  58. lvcreate_lvmconf_fdwarn: EnvFilter, env, root, LVM_SYSTEM_DIR=, LVM_SUPPRESS_FD_WARNINGS=, LC_ALL=C, lvcreate
  60. # cinder/volume/driver.py: 'dd', 'if=%s' % srcstr, 'of=%s' % deststr,...
  61. dd: CommandFilter, dd, root
  63. # cinder/volume/driver.py: 'lvremove', '-f', %s/%s % ...
  64. lvremove: CommandFilter, lvremove, root
  66. # cinder/volume/driver.py: 'lvrename', '%(vg)s', '%(orig)s' '(new)s'...
  67. lvrename: CommandFilter, lvrename, root
  69. # cinder/brick/local_dev/lvm.py: 'lvextend', '-L' '%(new_size)s', '%(lv_name)s' ...
  70. # cinder/brick/local_dev/lvm.py: 'lvextend', '-L' '%(new_size)s', '%(thin_pool)s' ...
  71. lvextend: EnvFilter, env, root, LC_ALL=C, lvextend
  72. lvextend_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvextend
  73. lvextend_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvextend
  74. lvextend_lvmconf_fdwarn: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvextend
  76. # cinder/brick/local_dev/lvm.py: 'lvchange -a y -K <lv>'
  77. lvchange: CommandFilter, lvchange, root
  79. # cinder/brick/local_dev/lvm.py: 'lvconvert', '--merge', snapshot_name
  80. lvconvert: CommandFilter, lvconvert, root
  82. # cinder/volume/driver.py: 'iscsiadm', '-m', 'discovery', '-t',...
  83. # cinder/volume/driver.py: 'iscsiadm', '-m', 'node', '-T', ...
  84. iscsiadm: CommandFilter, iscsiadm, root
  86. # cinder/volume/utils.py: utils.temporary_chown(path, 0)
  87. chown: CommandFilter, chown, root
  89. # cinder/volume/utils.py: copy_volume(..., ionice='...')
  90. ionice_1: ChainingRegExpFilter, ionice, root, ionice, -c[0-3], -n[0-7]
  91. ionice_2: ChainingRegExpFilter, ionice, root, ionice, -c[0-3]
  93. # cinder/volume/utils.py: setup_blkio_cgroup()
  94. cgcreate: CommandFilter, cgcreate, root
  95. cgset: CommandFilter, cgset, root
  96. cgexec: ChainingRegExpFilter, cgexec, root, cgexec, -g, blkio:\S+
  98. # cinder/volume/driver.py
  99. dmsetup: CommandFilter, dmsetup, root
  100. ln: CommandFilter, ln, root
  102. # cinder/image/image_utils.py
  103. qemu-img: EnvFilter, env, root, LC_ALL=C, qemu-img
  104. qemu-img_convert: CommandFilter, qemu-img, root
  106. udevadm: CommandFilter, udevadm, root
  108. # cinder/volume/driver.py: utils.read_file_as_root()
  109. cat: CommandFilter, cat, root
  111. # cinder/volume/nfs.py
  112. stat: CommandFilter, stat, root
  113. mount: CommandFilter, mount, root
  114. df: CommandFilter, df, root
  115. du: CommandFilter, du, root
  116. truncate: CommandFilter, truncate, root
  117. chmod: CommandFilter, chmod, root
  118. rm: CommandFilter, rm, root
  120. # cinder/volume/drivers/remotefs.py
  121. mkdir: CommandFilter, mkdir, root
  123. # cinder/volume/drivers/netapp/nfs.py:
  124. netapp_nfs_find: RegExpFilter, find, root, find, ^[/]*([^/\0]+(/+)?)*$, -maxdepth, \d+, -name, img-cache.*, -amin, \+\d+
  126. # cinder/volume/drivers/glusterfs.py
  127. chgrp: CommandFilter, chgrp, root
  128. umount: CommandFilter, umount, root
  129. fallocate: CommandFilter, fallocate, root
  131. # cinder/volumes/drivers/hds/hds.py:
  132. hus-cmd: CommandFilter, hus-cmd, root
  133. hus-cmd_local: CommandFilter, /usr/local/bin/hus-cmd, root
  135. # cinder/volumes/drivers/hds/hnas_backend.py
  136. ssc: CommandFilter, ssc, root
  138. # cinder/brick/initiator/connector.py:
  139. ls: CommandFilter, ls, root
  140. tee: CommandFilter, tee, root
  141. multipath: CommandFilter, multipath, root
  142. multipathd: CommandFilter, multipathd, root
  143. systool: CommandFilter, systool, root
  145. # cinder/volume/drivers/block_device.py
  146. blockdev: CommandFilter, blockdev, root
  148. # cinder/volume/drivers/ibm/gpfs.py
  149. # cinder/volume/drivers/tintri.py
  150. mv: CommandFilter, mv, root
  152. # cinder/volume/drivers/ibm/gpfs.py
  153. cp: CommandFilter, cp, root
  154. mmgetstate: CommandFilter, /usr/lpp/mmfs/bin/mmgetstate, root
  155. mmclone: CommandFilter, /usr/lpp/mmfs/bin/mmclone, root
  156. mmlsattr: CommandFilter, /usr/lpp/mmfs/bin/mmlsattr, root
  157. mmchattr: CommandFilter, /usr/lpp/mmfs/bin/mmchattr, root
  158. mmlsconfig: CommandFilter, /usr/lpp/mmfs/bin/mmlsconfig, root
  159. mmlsfs: CommandFilter, /usr/lpp/mmfs/bin/mmlsfs, root
  160. mmlspool: CommandFilter, /usr/lpp/mmfs/bin/mmlspool, root
  161. mkfs: CommandFilter, mkfs, root
  162. mmcrfileset: CommandFilter, /usr/lpp/mmfs/bin/mmcrfileset, root
  163. mmlinkfileset: CommandFilter, /usr/lpp/mmfs/bin/mmlinkfileset, root
  164. mmunlinkfileset: CommandFilter, /usr/lpp/mmfs/bin/mmunlinkfileset, root
  165. mmdelfileset: CommandFilter, /usr/lpp/mmfs/bin/mmdelfileset, root
  166. mmcrsnapshot: CommandFilter, /usr/lpp/mmfs/bin/mmcrsnapshot, root
  167. mmdelsnapshot: CommandFilter, /usr/lpp/mmfs/bin/mmdelsnapshot, root
  169. # cinder/volume/drivers/ibm/gpfs.py
  170. # cinder/volume/drivers/ibm/ibmnas.py
  171. find_maxdepth_inum: RegExpFilter, find, root, find, ^[/]*([^/\0]+(/+)?)*$, -maxdepth, \d+, -ignore_readdir_race, -inum, \d+, -print0, -quit
  173. # cinder/brick/initiator/connector.py:
  174. aoe-revalidate: CommandFilter, aoe-revalidate, root
  175. aoe-discover: CommandFilter, aoe-discover, root
  176. aoe-flush: CommandFilter, aoe-flush, root
  178. # cinder/brick/initiator/linuxscsi.py:
  179. sg_scan: CommandFilter, sg_scan, root
  181. #cinder/backup/services/tsm.py
  182. dsmc:CommandFilter,/usr/bin/dsmc,root
  184. # cinder/volume/drivers/hitachi/hbsd_horcm.py
  185. raidqry: CommandFilter, raidqry, root
  186. raidcom: CommandFilter, raidcom, root
  187. pairsplit: CommandFilter, pairsplit, root
  188. paircreate: CommandFilter, paircreate, root
  189. pairdisplay: CommandFilter, pairdisplay, root
  190. pairevtwait: CommandFilter, pairevtwait, root
  191. horcmstart.sh: CommandFilter, horcmstart.sh, root
  192. horcmshutdown.sh: CommandFilter, horcmshutdown.sh, root
  193. horcmgr: EnvFilter, env, root, HORCMINST=, /etc/horcmgr
  195. # cinder/volume/drivers/hitachi/hbsd_snm2.py
  196. auman: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auman
  197. auluref: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auluref
  198. auhgdef: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auhgdef
  199. aufibre1: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aufibre1
  200. auhgwwn: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auhgwwn
  201. auhgmap: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auhgmap
  202. autargetmap: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetmap
  203. aureplicationvvol: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationvvol
  204. auluadd: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auluadd
  205. auludel: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auludel
  206. auluchgsize: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auluchgsize
  207. auchapuser: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auchapuser
  208. autargetdef: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetdef
  209. autargetopt: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetopt
  210. autargetini: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetini
  211. auiscsi: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auiscsi
  212. audppool: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/audppool
  213. aureplicationlocal: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationlocal
  214. aureplicationmon: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationmon
  216. # cinder/volume/drivers/hgst.py
  217. vgc-cluster: CommandFilter, vgc-cluster, root
  219. # cinder/volume/drivers/vzstorage.py
  220. pstorage-mount: CommandFilter, pstorage-mount, root
  221. pstorage: CommandFilter, pstorage, root
  222. ploop: CommandFilter, ploop, root
  224. # initiator/connector.py:
  225. drv_cfg: CommandFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid
  226.  
Powered by spacepaste. Paste removal.