Drop CAP_NET_ADMIN

It is not required for performing monitors' duties. Change-Id: Ib1297ce6e4fca0bfcb82d32b3669475d2011fbe1
2021-03-21 19:10:19 +00:00 · 2021-03-21 19:10:19 +00:00 · 07bd41f0b4
commit 07bd41f0b4
parent be42d99854
2 changed files with 6 additions and 2 deletions
--- a/masakarimonitors/privsep.py
+++ b/masakarimonitors/privsep.py
@ -12,7 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-from oslo_privsep import capabilities as c
 from oslo_privsep import priv_context


@ -20,5 +19,5 @@ monitors_priv = priv_context.PrivContext(
    "masakarimonitors",
    cfg_section="masakarimonitors_privileged",
    pypath=__name__ + ".monitors_priv",
-    capabilities=[c.CAP_NET_ADMIN],
+    capabilities=[],
 )
--- a/releasenotes/notes/drop-cap-net-admin-8d7d7cfb274e9547.yaml
+++ b/releasenotes/notes/drop-cap-net-admin-8d7d7cfb274e9547.yaml
@ -0,0 +1,5 @@
+---
+other:
+  - |
+    Masakari hostmonitor and processmonitor will no longer require
+    ``CAP_NET_ADMIN`` capability.