openstack/neutron
Code Issues Proposed changes

Add capabilities for privsep

Browse Source 
CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH were added
(like in nova) to fix agents on kernel 4.15.
Please see bug for details

Change-Id: Ieed6f5f6906036cdeaf2c3d96350eeae9559c0c7
Closes-Bug: #1800157
(cherry picked from commit 32cc8b63d7bbe5cfc83b82a058d1c5832980f290)
This commit is contained in:
Oleg Bondarev 2018-10-26 18:02:27 +04:00 committed by Brian Haley
parent 2a3ba92a60
commit 663d6486a3
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
neutron/privileged/__init__.py
View File

@ -22,5 +22,8 @@ default = priv_context.PrivContext(
# TODO(gus): CAP_SYS_ADMIN is required (only?) for manipulating
# network namespaces. SYS_ADMIN is a lot of scary powers, so
# consider breaking this out into a separate minimal context.
capabilities=[caps.CAP_SYS_ADMIN, caps.CAP_NET_ADMIN],
capabilities=[caps.CAP_SYS_ADMIN,
caps.CAP_NET_ADMIN,
caps.CAP_DAC_OVERRIDE,
2], # CAP_DAC_READ_SEARCH
)