spacepaste

  1.  
  2. # cinder-rootwrap command filters for volume nodes
  3. # This file should be owned by (and only-writeable by) the root user
  4. [Filters]
  5. # cinder/volume/iscsi.py: iscsi_helper '--op' ...
  6. ietadm: CommandFilter, ietadm, root
  7. tgtadm: CommandFilter, tgtadm, root
  8. iscsictl: CommandFilter, iscsictl, root
  9. tgt-admin: CommandFilter, tgt-admin, root
  10. cinder-rtstool: CommandFilter, cinder-rtstool, root
  11. scstadmin: CommandFilter, scstadmin, root
  12. # LVM related show commands
  13. pvs: EnvFilter, env, root, LC_ALL=C, pvs
  14. vgs: EnvFilter, env, root, LC_ALL=C, vgs
  15. lvs: EnvFilter, env, root, LC_ALL=C, lvs
  16. lvdisplay: EnvFilter, env, root, LC_ALL=C, lvdisplay
  17. # -LVM related show commands with suppress fd warnings
  18. pvs_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, pvs
  19. vgs_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, vgs
  20. lvs_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvs
  21. lvdisplay_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvdisplay
  22. # -LVM related show commands conf var
  23. pvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, pvs
  24. vgs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, vgs
  25. lvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvs
  26. lvdisplay_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvdisplay
  27. # -LVM conf var with suppress fd_warnings
  28. pvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, pvs
  29. vgs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, vgs
  30. lvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvs
  31. lvdisplay_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvdisplay
  32. # os-brick library commands
  33. # os_brick.privileged.run_as_root oslo.privsep context
  34. # This line ties the superuser privs with the config files, context name,
  35. # and (implicitly) the actual python code invoked.
  36. privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*
  37. # The following and any cinder/brick/* entries should all be obsoleted
  38. # by privsep, and may be removed once the os-brick version requirement
  39. # is updated appropriately.
  40. scsi_id: CommandFilter, /lib/udev/scsi_id, root
  41. drbdadm: CommandFilter, drbdadm, root
  42. # cinder/brick/local_dev/lvm.py: 'vgcreate', vg_name, pv_list
  43. vgcreate: CommandFilter, vgcreate, root
  44. # cinder/brick/local_dev/lvm.py: 'lvcreate', '-L', sizestr, '-n', volume_name,..
  45. # cinder/brick/local_dev/lvm.py: 'lvcreate', '-L', ...
  46. lvcreate: EnvFilter, env, root, LC_ALL=C, lvcreate
  47. lvcreate_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvcreate
  48. lvcreate_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvcreate
  49. lvcreate_lvmconf_fdwarn: EnvFilter, env, root, LVM_SYSTEM_DIR=, LVM_SUPPRESS_FD_WARNINGS=, LC_ALL=C, lvcreate
  50. # cinder/volume/driver.py: 'dd', 'if=%s' % srcstr, 'of=%s' % deststr,...
  51. dd: CommandFilter, dd, root
  52. # cinder/volume/driver.py: 'lvremove', '-f', %s/%s % ...
  53. lvremove: CommandFilter, lvremove, root
  54. # cinder/volume/driver.py: 'lvrename', '%(vg)s', '%(orig)s' '(new)s'...
  55. lvrename: CommandFilter, lvrename, root
  56. # cinder/brick/local_dev/lvm.py: 'lvextend', '-L' '%(new_size)s', '%(lv_name)s' ...
  57. # cinder/brick/local_dev/lvm.py: 'lvextend', '-L' '%(new_size)s', '%(thin_pool)s' ...
  58. lvextend: EnvFilter, env, root, LC_ALL=C, lvextend
  59. lvextend_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvextend
  60. lvextend_fdwarn: EnvFilter, env, root, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvextend
  61. lvextend_lvmconf_fdwarn: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, LVM_SUPPRESS_FD_WARNINGS=, lvextend
  62. # cinder/brick/local_dev/lvm.py: 'lvchange -a y -K <lv>'
  63. lvchange: CommandFilter, lvchange, root
  64. # cinder/brick/local_dev/lvm.py: 'lvconvert', '--merge', snapshot_name
  65. lvconvert: CommandFilter, lvconvert, root
  66. # cinder/volume/driver.py: 'iscsiadm', '-m', 'discovery', '-t',...
  67. # cinder/volume/driver.py: 'iscsiadm', '-m', 'node', '-T', ...
  68. iscsiadm: CommandFilter, iscsiadm, root
  69. # cinder/volume/utils.py: utils.temporary_chown(path, 0)
  70. chown: CommandFilter, chown, root
  71. # cinder/volume/utils.py: copy_volume(..., ionice='...')
  72. ionice_1: ChainingRegExpFilter, ionice, root, ionice, -c[0-3], -n[0-7]
  73. ionice_2: ChainingRegExpFilter, ionice, root, ionice, -c[0-3]
  74. # cinder/volume/utils.py: setup_blkio_cgroup()
  75. cgcreate: CommandFilter, cgcreate, root
  76. cgset: CommandFilter, cgset, root
  77. cgexec: ChainingRegExpFilter, cgexec, root, cgexec, -g, blkio:\S+
  78. # cinder/volume/driver.py
  79. dmsetup: CommandFilter, dmsetup, root
  80. ln: CommandFilter, ln, root
  81. # cinder/image/image_utils.py
  82. qemu-img: EnvFilter, env, root, LC_ALL=C, qemu-img
  83. qemu-img_convert: CommandFilter, qemu-img, root
  84. udevadm: CommandFilter, udevadm, root
  85. # cinder/volume/driver.py: utils.read_file_as_root()
  86. cat: CommandFilter, cat, root
  87. # cinder/volume/nfs.py
  88. stat: CommandFilter, stat, root
  89. mount: CommandFilter, mount, root
  90. df: CommandFilter, df, root
  91. du: CommandFilter, du, root
  92. truncate: CommandFilter, truncate, root
  93. chmod: CommandFilter, chmod, root
  94. rm: CommandFilter, rm, root
  95. # cinder/volume/drivers/remotefs.py
  96. mkdir: CommandFilter, mkdir, root
  97. # cinder/volume/drivers/netapp/nfs.py:
  98. netapp_nfs_find: RegExpFilter, find, root, find, ^[/]*([^/\0]+(/+)?)*$, -maxdepth, \d+, -name, img-cache.*, -amin, \+\d+
  99. # cinder/volume/drivers/glusterfs.py
  100. chgrp: CommandFilter, chgrp, root
  101. umount: CommandFilter, umount, root
  102. fallocate: CommandFilter, fallocate, root
  103. # cinder/volumes/drivers/hds/hds.py:
  104. hus-cmd: CommandFilter, hus-cmd, root
  105. hus-cmd_local: CommandFilter, /usr/local/bin/hus-cmd, root
  106. # cinder/volumes/drivers/hds/hnas_backend.py
  107. ssc: CommandFilter, ssc, root
  108. # cinder/brick/initiator/connector.py:
  109. ls: CommandFilter, ls, root
  110. tee: CommandFilter, tee, root
  111. multipath: CommandFilter, multipath, root
  112. multipathd: CommandFilter, multipathd, root
  113. systool: CommandFilter, systool, root
  114. # cinder/volume/drivers/block_device.py
  115. blockdev: CommandFilter, blockdev, root
  116. # cinder/volume/drivers/ibm/gpfs.py
  117. # cinder/volume/drivers/tintri.py
  118. mv: CommandFilter, mv, root
  119. # cinder/volume/drivers/ibm/gpfs.py
  120. cp: CommandFilter, cp, root
  121. mmgetstate: CommandFilter, /usr/lpp/mmfs/bin/mmgetstate, root
  122. mmclone: CommandFilter, /usr/lpp/mmfs/bin/mmclone, root
  123. mmlsattr: CommandFilter, /usr/lpp/mmfs/bin/mmlsattr, root
  124. mmchattr: CommandFilter, /usr/lpp/mmfs/bin/mmchattr, root
  125. mmlsconfig: CommandFilter, /usr/lpp/mmfs/bin/mmlsconfig, root
  126. mmlsfs: CommandFilter, /usr/lpp/mmfs/bin/mmlsfs, root
  127. mmlspool: CommandFilter, /usr/lpp/mmfs/bin/mmlspool, root
  128. mkfs: CommandFilter, mkfs, root
  129. mmcrfileset: CommandFilter, /usr/lpp/mmfs/bin/mmcrfileset, root
  130. mmlinkfileset: CommandFilter, /usr/lpp/mmfs/bin/mmlinkfileset, root
  131. mmunlinkfileset: CommandFilter, /usr/lpp/mmfs/bin/mmunlinkfileset, root
  132. mmdelfileset: CommandFilter, /usr/lpp/mmfs/bin/mmdelfileset, root
  133. mmcrsnapshot: CommandFilter, /usr/lpp/mmfs/bin/mmcrsnapshot, root
  134. mmdelsnapshot: CommandFilter, /usr/lpp/mmfs/bin/mmdelsnapshot, root
  135. # cinder/volume/drivers/ibm/gpfs.py
  136. # cinder/volume/drivers/ibm/ibmnas.py
  137. find_maxdepth_inum: RegExpFilter, find, root, find, ^[/]*([^/\0]+(/+)?)*$, -maxdepth, \d+, -ignore_readdir_race, -inum, \d+, -print0, -quit
  138. # cinder/brick/initiator/connector.py:
  139. aoe-revalidate: CommandFilter, aoe-revalidate, root
  140. aoe-discover: CommandFilter, aoe-discover, root
  141. aoe-flush: CommandFilter, aoe-flush, root
  142. # cinder/brick/initiator/linuxscsi.py:
  143. sg_scan: CommandFilter, sg_scan, root
  144. #cinder/backup/services/tsm.py
  145. dsmc:CommandFilter,/usr/bin/dsmc,root
  146. # cinder/volume/drivers/hitachi/hbsd_horcm.py
  147. raidqry: CommandFilter, raidqry, root
  148. raidcom: CommandFilter, raidcom, root
  149. pairsplit: CommandFilter, pairsplit, root
  150. paircreate: CommandFilter, paircreate, root
  151. pairdisplay: CommandFilter, pairdisplay, root
  152. pairevtwait: CommandFilter, pairevtwait, root
  153. horcmstart.sh: CommandFilter, horcmstart.sh, root
  154. horcmshutdown.sh: CommandFilter, horcmshutdown.sh, root
  155. horcmgr: EnvFilter, env, root, HORCMINST=, /etc/horcmgr
  156. # cinder/volume/drivers/hitachi/hbsd_snm2.py
  157. auman: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auman
  158. auluref: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auluref
  159. auhgdef: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auhgdef
  160. aufibre1: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aufibre1
  161. auhgwwn: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auhgwwn
  162. auhgmap: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auhgmap
  163. autargetmap: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetmap
  164. aureplicationvvol: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationvvol
  165. auluadd: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auluadd
  166. auludel: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auludel
  167. auluchgsize: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auluchgsize
  168. auchapuser: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auchapuser
  169. autargetdef: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetdef
  170. autargetopt: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetopt
  171. autargetini: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetini
  172. auiscsi: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auiscsi
  173. audppool: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/audppool
  174. aureplicationlocal: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationlocal
  175. aureplicationmon: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationmon
  176. # cinder/volume/drivers/hgst.py
  177. vgc-cluster: CommandFilter, vgc-cluster, root
  178. # cinder/volume/drivers/vzstorage.py
  179. pstorage-mount: CommandFilter, pstorage-mount, root
  180. pstorage: CommandFilter, pstorage, root
  181. ploop: CommandFilter, ploop, root
  182. # initiator/connector.py:
  183. drv_cfg: CommandFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid
  184.