quantum-debug ping-all does work with rootwrap enabled
Bug #1071110 reported by
Mark McClain
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Undecided
|
Nachi Ueno |
Bug Description
The quantum-debug ping-all does not have enough privileges when rootwrap is enabled.
There are two solutions:
EASY: Add /bin/ping and /bin/ping6 to the list of approved commands.
SECURE: Require that quantum-debug be invoked as the super user.
Requiring quantum-debug be invoked as the super user avoids having to expand filters to programs that would not be run during normal operations.
Changed in quantum: | |
status: | New → Confirmed |
Changed in quantum: | |
milestone: | none → grizzly-2 |
status: | Fix Committed → Fix Released |
Changed in quantum: | |
milestone: | grizzly-2 → 2013.1 |
To post a comment you must log in.
Hi Mark
I'm going to remove probe-exec command, and I would like to add ping or nc to approved command.
probe-exec command will show only exec command.
Is this make sense?