The /bin/cat hard-coding appears to be just a convenience filter, and if you make it configurable it turns into essentially CommandFilter.
KillFilter appears to have actual logic related to killing processes though, so I could see an argument to make that configurable.
I should also note that we are encouraging people to move to oslo.privsep instead of oslo.rootwrap. There's much less chance of operator error exposing security holes with privsep.
The /bin/cat hard-coding appears to be just a convenience filter, and if you make it configurable it turns into essentially CommandFilter.
KillFilter appears to have actual logic related to killing processes though, so I could see an argument to make that configurable.
I should also note that we are encouraging people to move to oslo.privsep instead of oslo.rootwrap. There's much less chance of operator error exposing security holes with privsep.