Commit 58389f18 authored by Chaozhe.Chen's avatar Chaozhe.Chen

Add /usr/local/{sbin,bin} to rootwrap exec_dirs

I noticed that nova, neutron and cinder's rootwrap exec_dirs include
/usr/local/{sbin,bin} which is a standardised location for admins to
install non-distro executables, and these executables are no less
"trustworthy" than /usr/bin and friends.  See neutron and cinder's
rootwrap.conf (and probably others), and typical distro default values
for sudoers/secure_path for extremely similar precedents that all include

See the same patch of nova for more information:
And see I710cf142b834381c00e651cfc062299ae755c33f for brief discussion
of doing this via devstack before.

Change-Id: If5ed1d7d81fdac10fc2b1608aafe20833e0f2980
parent 08433892
......@@ -10,7 +10,7 @@ filters_path=/etc/ceilometer/rootwrap.d,/usr/share/ceilometer/rootwrap
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
# Enable logging to syslog
# Default value is False
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment