openstack/neutron
Code Issues Proposed changes

Merge "Add capabilities for privsep"

Browse Source
This commit is contained in:
Zuul 2018-10-29 11:05:47 +00:00 committed by Gerrit Code Review
commit 04c772a4cd
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
neutron/privileged/__init__.py
View File

@ -22,5 +22,8 @@ default = priv_context.PrivContext(
# TODO(gus): CAP_SYS_ADMIN is required (only?) for manipulating # TODO(gus): CAP_SYS_ADMIN is required (only?) for manipulating
# network namespaces. SYS_ADMIN is a lot of scary powers, so # network namespaces. SYS_ADMIN is a lot of scary powers, so
# consider breaking this out into a separate minimal context. # consider breaking this out into a separate minimal context.
capabilities=[caps.CAP_SYS_ADMIN, caps.CAP_NET_ADMIN], capabilities=[caps.CAP_SYS_ADMIN,
caps.CAP_NET_ADMIN,
caps.CAP_DAC_OVERRIDE,
caps.CAP_DAC_READ_SEARCH],
) )