From 8e48646eb61014b8af89eb1fb4ec5e163a202537 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sun, 31 Mar 2019 21:24:27 -0400 Subject: [PATCH] Add privsep-helper to nova sudoers file With the new oslo-privsep library, there is now a privsep-helper command that is used to escalate privledges. This command needs to be runnable by the nova user via sudo without a password. The old rootwrap command is still used as well, so for now we need to have both. Change-Id: I3bf334bf9498f67a1e91041d1d50870964e6141c --- templates/sudoers.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/sudoers.j2 b/templates/sudoers.j2 index 51f530ba..39e8618e 100644 --- a/templates/sudoers.j2 +++ b/templates/sudoers.j2 @@ -4,3 +4,4 @@ Defaults:{{ nova_system_user_name }} !requiretty Defaults:{{ nova_system_user_name }} secure_path="{{ nova_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" {{ nova_system_user_name }} ALL = (root) NOPASSWD: {{ nova_bin }}/{{ nova_service_name }}-rootwrap +{{ nova_system_user_name }} ALL = (root) NOPASSWD: {{ nova_bin }}/privsep-helper
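Review bot: The added rule gives `{{ nova_system_user_name }}` passwordless root on `{{ nova_bin }}/privsep-helper` with no argument list, and sudoers lets a command listed without arguments run with any arguments, so the grant is only as tight as privsep-helper's own handling of its command-line options. It is worth confirming that `{{ nova_bin }}` and the helper inside it are root-owned and not writable by the nova user (most relevant if `nova_bin` points into a virtualenv), because anything able to replace that file would run as root. Since the description says the rootwrap entry is kept only for now, I would add a comment above the two rules, e.g. `# privsep-helper (oslo.privsep) runs as root via sudo; rootwrap entry kept until all callers are migrated`, so the duplication is not mistaken for permanent. If the deployment already starts privsep-helper through the rootwrap command, the existing rootwrap rule may be enough and this direct grant could be dropped; that cannot be judged from the hunk alone.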