Remove run_as_root which fails without root_helper

It appears that this library is typically run as the root user
which shouldn't require 'run_as_root'. When running as an
unprivileged user the required permissions can be granted by
specifying 'AmbientCapabilities = CAP_NET_ADMIN' in the service,
rather than 'CapabilityBoundingSet'.

An alternative approach would be to specify a 'root_helper' or to
switch to oslo.privsep, but these don't fully solve the problem
as the 'pyroute2' library also requires 'CAP_NET_ADMIN'.

Closes-Bug: #1852105
Change-Id: I9d0942f1cfc06cc3a7585683a030516096297767
Andrew Bonney 2020-12-01 08:26:27 +00:00
parent f09977423b
commit cdb9fe351d
3 changed files with 2 additions and 6 deletions


@ -70,5 +70,4 @@ def _set_vf_interface_vlan(pf_ifname, vf_num, mac_addr, vlan=0):
'vf', vf_num,
'mac', mac_addr,
'vlan', vlan,
run_as_root=True,
check_exit_code=exit_code)
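Review bot: With `run_as_root=True` removed from this call in `_set_vf_interface_vlan`, a missing CAP_NET_ADMIN can pass unnoticed when the service runs unprivileged. The arguments look like an `ip link set ... vf` invocation, and `ip` exits with status 2 when the kernel rejects a request; the updated test in this commit expects `check_exit_code=[0, 2, 254]`, so an "Operation not permitted" result would presumably be treated as success. `exit_code` and the start of the call are outside the hunk, so this is inferred from the test rather than from the visible lines. Consider surfacing the failure after the call, for example `if stderr: LOG.warning('VF VLAN setup reported: %s', stderr)` using whatever logger the module already has, and adding a test case for the permission-denied path.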


@ -114,7 +114,7 @@ def port_unbind(endpoint_id, neutron_port, **kwargs):
network_id = neutron_port['network_id']
stdout, stderr = processutils.execute(
unbinding_exec_path, constants.UNBINDING_SUBCOMMAND, port_id, ifname,
endpoint_id, mac_address, vif_details, network_id, run_as_root=True)
endpoint_id, mac_address, vif_details, network_id)
try:
utils.remove_device(ifname)
except pyroute2.NetlinkError:
@ -148,6 +148,5 @@ def _configure_host_iface(ifname, endpoint_id, port_id, net_id, project_id,
stdout, stderr = processutils.execute(
binding_exec_path, constants.BINDING_SUBCOMMAND, port_id, ifname,
endpoint_id, hwaddr, net_id, project_id,
lib_utils.string_mappings(details),
run_as_root=True)
lib_utils.string_mappings(details))
return stdout, stderr
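Review bot: Nothing at the two `processutils.execute` call sites (in `port_unbind` and `_configure_host_iface`) now records that the binding executables need CAP_NET_ADMIN; that requirement is stated only in the commit message. A comment above each call such as `# Needs CAP_NET_ADMIN (root, or AmbientCapabilities in the service unit); no root_helper is used` would keep the deployment requirement visible to the next maintainer. In `port_unbind` the call sits before the `try:`, so an error raised by `execute` on a permission failure propagates before `utils.remove_device(ifname)` is reached; confirm that leaving the device in place in that case is acceptable. Both function bodies begin outside the hunks shown.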


@ -63,7 +63,6 @@ class TestHwVebDriver(base.TestCase):
'vf', fake_vf_num,
'mac', fake_port['port']['mac_address'],
'vlan', fake_vlan_id,
run_as_root=True,
check_exit_code=[0, 2, 254])
@mock.patch('oslo_concurrency.processutils.execute',
@ -91,5 +90,4 @@ class TestHwVebDriver(base.TestCase):
'vf', fake_vf_num,
'mac', fake_port['port']['mac_address'],
'vlan', 0,
run_as_root=True,
check_exit_code=[0, 2, 254])