Merge "[neutron] Mend rootwrap privsep indentation"

2019-06-27 16:52:56 +00:00 · 2019-06-27 16:52:56 +00:00 · 5d993140d7
commit 5d993140d7
parent fcca95f3a4 67ede00551
1 changed files with 36 additions and 36 deletions
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -1475,46 +1475,46 @@ conf:
        # needed for FDB extension
        bridge: CommandFilter, bridge, root
-      privsep:
+    privsep:
-        pods:
+      pods:
-          - dhcp_agent
+        - dhcp_agent
-          - l3_agent
+        - l3_agent
-          - lb_agent
+        - lb_agent
-          - metadata_agent
+        - metadata_agent
-          - ovs_agent
+        - ovs_agent
-          - sriov_agent
+        - sriov_agent
-        content: |
+      content: |
-          # Command filters to allow privsep daemon to be started via rootwrap.
+        # Command filters to allow privsep daemon to be started via rootwrap.
-          #
+        #
-          # This file should be owned by (and only-writeable by) the root user
+        # This file should be owned by (and only-writeable by) the root user
-          [Filters]
+        [Filters]
-          # By installing the following, the local admin is asserting that:
+        # By installing the following, the local admin is asserting that:
-          #
+        #
-          # 1. The python module load path used by privsep-helper
+        # 1. The python module load path used by privsep-helper
-          #    command as root (as started by sudo/rootwrap) is trusted.
+        #    command as root (as started by sudo/rootwrap) is trusted.
-          # 2. Any oslo.config files matching the --config-file
+        # 2. Any oslo.config files matching the --config-file
-          #    arguments below are trusted.
+        #    arguments below are trusted.
-          # 3. Users allowed to run sudo/rootwrap with this configuration(*) are
+        # 3. Users allowed to run sudo/rootwrap with this configuration(*) are
-          #    also allowed to invoke python "entrypoint" functions from
+        #    also allowed to invoke python "entrypoint" functions from
-          #    --privsep_context with the additional (possibly root) privileges
+        #    --privsep_context with the additional (possibly root) privileges
-          #    configured for that context.
+        #    configured for that context.
-          #
+        #
-          # (*) ie: the user is allowed by /etc/sudoers to run rootwrap as root
+        # (*) ie: the user is allowed by /etc/sudoers to run rootwrap as root
-          #
+        #
-          # In particular, the oslo.config and python module path must not
+        # In particular, the oslo.config and python module path must not
-          # be writeable by the unprivileged user.
+        # be writeable by the unprivileged user.
-          # oslo.privsep default neutron context
+        # oslo.privsep default neutron context
-          privsep: PathFilter, privsep-helper, root,
+        privsep: PathFilter, privsep-helper, root,
-           --config-file, /etc,
+         --config-file, /etc,
-           --privsep_context, neutron.privileged.default,
+         --privsep_context, neutron.privileged.default,
-           --privsep_sock_path, /
+         --privsep_sock_path, /
-          # NOTE: A second `--config-file` arg can also be added above. Since
+        # NOTE: A second `--config-file` arg can also be added above. Since
-          # many neutron components are installed like that (eg: by devstack).
+        # many neutron components are installed like that (eg: by devstack).
-          # Adjust to suit local requirements.
+        # Adjust to suit local requirements.
    taas:
      pods:
        - ovs_agent