Remove run_as_root which fails without root_helper
It appears that this library is typically run as the root user
which shouldn't require 'run_as_root'. When running as an
unprivileged user the required permissions can be granted by
specifying 'AmbientCapabilities = CAP_NET_ADMIN' in the service,
rather than 'CapabilityBoundingSet'.
An alternative approach would be to specify a 'root_helper' or to
switch to oslo.privsep, but these don't fully solve the problem
as the 'pyroute2' library also requires 'CAP_NET_ADMIN'.
Closes-Bug: #1852105
Change-Id: I9d0942f1cfc06cc3a7585683a030516096297767
(cherry picked from commit cdb9fe351d
)
This commit is contained in:
parent
e43bf23162
commit
0af5226618
|
@ -70,5 +70,4 @@ def _set_vf_interface_vlan(pf_ifname, vf_num, mac_addr, vlan=0):
|
||||||
'vf', vf_num,
|
'vf', vf_num,
|
||||||
'mac', mac_addr,
|
'mac', mac_addr,
|
||||||
'vlan', vlan,
|
'vlan', vlan,
|
||||||
run_as_root=True,
|
|
||||||
check_exit_code=exit_code)
|
check_exit_code=exit_code)
|
||||||
|
|
|
@ -114,7 +114,7 @@ def port_unbind(endpoint_id, neutron_port, **kwargs):
|
||||||
network_id = neutron_port['network_id']
|
network_id = neutron_port['network_id']
|
||||||
stdout, stderr = processutils.execute(
|
stdout, stderr = processutils.execute(
|
||||||
unbinding_exec_path, constants.UNBINDING_SUBCOMMAND, port_id, ifname,
|
unbinding_exec_path, constants.UNBINDING_SUBCOMMAND, port_id, ifname,
|
||||||
endpoint_id, mac_address, vif_details, network_id, run_as_root=True)
|
endpoint_id, mac_address, vif_details, network_id)
|
||||||
try:
|
try:
|
||||||
utils.remove_device(ifname)
|
utils.remove_device(ifname)
|
||||||
except pyroute2.NetlinkError:
|
except pyroute2.NetlinkError:
|
||||||
|
@ -148,6 +148,5 @@ def _configure_host_iface(ifname, endpoint_id, port_id, net_id, project_id,
|
||||||
stdout, stderr = processutils.execute(
|
stdout, stderr = processutils.execute(
|
||||||
binding_exec_path, constants.BINDING_SUBCOMMAND, port_id, ifname,
|
binding_exec_path, constants.BINDING_SUBCOMMAND, port_id, ifname,
|
||||||
endpoint_id, hwaddr, net_id, project_id,
|
endpoint_id, hwaddr, net_id, project_id,
|
||||||
lib_utils.string_mappings(details),
|
lib_utils.string_mappings(details))
|
||||||
run_as_root=True)
|
|
||||||
return stdout, stderr
|
return stdout, stderr
|
||||||
|
|
|
@ -63,7 +63,6 @@ class TestHwVebDriver(base.TestCase):
|
||||||
'vf', fake_vf_num,
|
'vf', fake_vf_num,
|
||||||
'mac', fake_port['port']['mac_address'],
|
'mac', fake_port['port']['mac_address'],
|
||||||
'vlan', fake_vlan_id,
|
'vlan', fake_vlan_id,
|
||||||
run_as_root=True,
|
|
||||||
check_exit_code=[0, 2, 254])
|
check_exit_code=[0, 2, 254])
|
||||||
|
|
||||||
@mock.patch('oslo_concurrency.processutils.execute',
|
@mock.patch('oslo_concurrency.processutils.execute',
|
||||||
|
@ -91,5 +90,4 @@ class TestHwVebDriver(base.TestCase):
|
||||||
'vf', fake_vf_num,
|
'vf', fake_vf_num,
|
||||||
'mac', fake_port['port']['mac_address'],
|
'mac', fake_port['port']['mac_address'],
|
||||||
'vlan', 0,
|
'vlan', 0,
|
||||||
run_as_root=True,
|
|
||||||
check_exit_code=[0, 2, 254])
|
check_exit_code=[0, 2, 254])
|
||||||
|
|
Loading…
Reference in New Issue