Remove run_as_root which fails without root_helper

It appears that this library is typically run as the root user
which shouldn't require 'run_as_root'. When running as an
unprivileged user the required permissions can be granted by
specifying 'AmbientCapabilities = CAP_NET_ADMIN' in the service,
rather than 'CapabilityBoundingSet'.

An alternative approach would be to specify a 'root_helper' or to
switch to oslo.privsep, but these don't fully solve the problem
as the 'pyroute2' library also requires 'CAP_NET_ADMIN'.

Closes-Bug: #1852105
Change-Id: I9d0942f1cfc06cc3a7585683a030516096297767
(cherry picked from commit cdb9fe351d)
changes/36/765936/2 victoria-em
Andrew Bonney 2 years ago committed by Michał Dulko
parent e43bf23162
commit 0af5226618
  1. 1
      kuryr/lib/binding/drivers/hw_veb.py
  2. 5
      kuryr/lib/binding/drivers/veth.py
  3. 2
      kuryr/tests/unit/binding/drivers/test_hw_veb.py

@ -70,5 +70,4 @@ def _set_vf_interface_vlan(pf_ifname, vf_num, mac_addr, vlan=0):
'vf', vf_num,
'mac', mac_addr,
'vlan', vlan,
run_as_root=True,
check_exit_code=exit_code)
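Review bot: A caller without CAP_NET_ADMIN can now fail silently at this call in `_set_vf_interface_vlan`, because `run_as_root` is gone while `check_exit_code=exit_code` stays, and the driver's unit test asserts `check_exit_code=[0, 2, 254]`. If the command is `ip link set` (the start of the call is outside the hunk), exit status 2 is what `ip` returns when the kernel rejects the request, which presumably includes a permission error. In that case the VF would keep its previous MAC/VLAN and the caller would see no exception, which matters where the VLAN is the isolation boundary. I would log stderr whenever it is non-empty and add a comment above the call, for example `# Requires CAP_NET_ADMIN (root or AmbientCapabilities); exit codes in exit_code are tolerated, so a permission failure is not raised here.`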

@ -114,7 +114,7 @@ def port_unbind(endpoint_id, neutron_port, **kwargs):
network_id = neutron_port['network_id']
stdout, stderr = processutils.execute(
unbinding_exec_path, constants.UNBINDING_SUBCOMMAND, port_id, ifname,
endpoint_id, mac_address, vif_details, network_id, run_as_root=True)
endpoint_id, mac_address, vif_details, network_id)
try:
utils.remove_device(ifname)
except pyroute2.NetlinkError:
@ -148,6 +148,5 @@ def _configure_host_iface(ifname, endpoint_id, port_id, net_id, project_id,
stdout, stderr = processutils.execute(
binding_exec_path, constants.BINDING_SUBCOMMAND, port_id, ifname,
endpoint_id, hwaddr, net_id, project_id,
lib_utils.string_mappings(details),
run_as_root=True)
lib_utils.string_mappings(details))
return stdout, stderr
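Review bot: Neither `port_unbind` nor `_configure_host_iface` now states or checks the privilege these `processutils.execute` calls need. Without `run_as_root` the binding script runs with exactly the caller's credentials, so an unprivileged caller lacking CAP_NET_ADMIN gets a script failure rather than an explicit error. I would add a comment above each call such as `# Needs CAP_NET_ADMIN: run as root or grant it via AmbientCapabilities; no root_helper is applied.` Ambient capabilities are inherited across exec, so the scripts under `binding_exec_path` and `unbinding_exec_path` also run with CAP_NET_ADMIN; the deployment notes should require that these paths be writable only by root. Both functions start and end outside the hunks shown.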

@ -63,7 +63,6 @@ class TestHwVebDriver(base.TestCase):
'vf', fake_vf_num,
'mac', fake_port['port']['mac_address'],
'vlan', fake_vlan_id,
run_as_root=True,
check_exit_code=[0, 2, 254])
@mock.patch('oslo_concurrency.processutils.execute',
@ -91,5 +90,4 @@ class TestHwVebDriver(base.TestCase):
'vf', fake_vf_num,
'mac', fake_port['port']['mac_address'],
'vlan', 0,
run_as_root=True,
check_exit_code=[0, 2, 254])
