Always run dnsmasq as root
Regarding https://review.openstack.org/#/c/145829/ The old code of DnsMasq will always get root_helper from neutron.agent.dhcp.agent. However, new code will only set run_as_root when namespace is used. That will cause permission error when namespace is disabled and dnsmasq need to be started. Change-Id: Ib00d6e54dba44dbbbec158b9e0518e6e42baceec Closes-Bug: #1428007
This commit is contained in:
parent
7904c9c969
commit
d82366fe01
|
@ -208,7 +208,8 @@ class DhcpLocalProcess(DhcpBase):
|
|||
uuid=self.network.id,
|
||||
namespace=self.network.namespace,
|
||||
default_cmd_callback=cmd_callback,
|
||||
pid_file=self.get_conf_file_name('pid'))
|
||||
pid_file=self.get_conf_file_name('pid'),
|
||||
run_as_root=True)
|
||||
|
||||
def disable(self, retain_port=False):
|
||||
"""Disable DHCP for this network by killing the local process."""
|
||||
|
@ -402,7 +403,7 @@ class Dnsmasq(DhcpLocalProcess):
|
|||
"""Release a DHCP lease."""
|
||||
cmd = ['dhcp_release', self.interface_name, ip, mac_address]
|
||||
ip_wrapper = ip_lib.IPWrapper(namespace=self.network.namespace)
|
||||
ip_wrapper.netns.execute(cmd)
|
||||
ip_wrapper.netns.execute(cmd, run_as_root=True)
|
||||
|
||||
def _output_config_files(self):
|
||||
self._output_hosts_file()
|
||||
|
|
|
@ -60,7 +60,7 @@ class ProcessManager(MonitoredProcess):
|
|||
"""
|
||||
def __init__(self, conf, uuid, namespace=None, service=None,
|
||||
pids_path=None, default_cmd_callback=None,
|
||||
cmd_addl_env=None, pid_file=None):
|
||||
cmd_addl_env=None, pid_file=None, run_as_root=False):
|
||||
|
||||
self.conf = conf
|
||||
self.uuid = uuid
|
||||
|
@ -69,6 +69,7 @@ class ProcessManager(MonitoredProcess):
|
|||
self.cmd_addl_env = cmd_addl_env
|
||||
self.pids_path = pids_path or self.conf.external_pids
|
||||
self.pid_file = pid_file
|
||||
self.run_as_root = run_as_root
|
||||
|
||||
if service:
|
||||
self.service_pid_fname = 'pid.' + service
|
||||
|
@ -86,7 +87,8 @@ class ProcessManager(MonitoredProcess):
|
|||
cmd = cmd_callback(self.get_pid_file_name())
|
||||
|
||||
ip_wrapper = ip_lib.IPWrapper(namespace=self.namespace)
|
||||
ip_wrapper.netns.execute(cmd, addl_env=self.cmd_addl_env)
|
||||
ip_wrapper.netns.execute(cmd, addl_env=self.cmd_addl_env,
|
||||
run_as_root=self.run_as_root)
|
||||
elif reload_cfg:
|
||||
self.reload_cfg()
|
||||
|
||||
|
|
|
@ -559,9 +559,9 @@ class IpNetnsCommand(IpCommandBase):
|
|||
self._as_root([], ('delete', name), use_root_namespace=True)
|
||||
|
||||
def execute(self, cmds, addl_env=None, check_exit_code=True,
|
||||
extra_ok_codes=None):
|
||||
extra_ok_codes=None, run_as_root=False):
|
||||
ns_params = []
|
||||
kwargs = {}
|
||||
kwargs = {'run_as_root': run_as_root}
|
||||
if self._parent.namespace:
|
||||
kwargs['run_as_root'] = True
|
||||
ns_params = ['ip', 'netns', 'exec', self._parent.namespace]
|
||||
|
|
|
@ -125,7 +125,8 @@ class TestMetadataDriverProcess(base.BaseTestCase):
|
|||
'--metadata_proxy_watch_log=false')
|
||||
ip_mock.assert_has_calls([
|
||||
mock.call(namespace=router_ns),
|
||||
mock.call().netns.execute(netns_execute_args, addl_env=None)
|
||||
mock.call().netns.execute(netns_execute_args, addl_env=None,
|
||||
run_as_root=False)
|
||||
])
|
||||
|
||||
def test_spawn_metadata_proxy_with_agent_user(self):
|
||||
|
|
|
@ -52,7 +52,8 @@ class TestProcessManager(base.BaseTestCase):
|
|||
callback.assert_called_once_with('pidfile')
|
||||
self.execute.assert_called_once_with(['the', 'cmd'],
|
||||
check_exit_code=True,
|
||||
extra_ok_codes=None)
|
||||
extra_ok_codes=None,
|
||||
run_as_root=False)
|
||||
|
||||
def test_enable_with_namespace(self):
|
||||
callback = mock.Mock()
|
||||
|
@ -69,8 +70,8 @@ class TestProcessManager(base.BaseTestCase):
|
|||
callback.assert_called_once_with('pidfile')
|
||||
ip_lib.assert_has_calls([
|
||||
mock.call.IPWrapper(namespace='ns'),
|
||||
mock.call.IPWrapper().netns.execute(['the', 'cmd'],
|
||||
addl_env=None)])
|
||||
mock.call.IPWrapper().netns.execute(
|
||||
['the', 'cmd'], addl_env=None, run_as_root=False)])
|
||||
|
||||
def test_enable_with_namespace_process_active(self):
|
||||
callback = mock.Mock()
|
||||
|
|
|
@ -927,7 +927,8 @@ class TestIpNetnsCommand(TestIPCmdBase):
|
|||
self.netns_cmd.execute(['test'])
|
||||
execute.assert_called_once_with(['test'],
|
||||
check_exit_code=True,
|
||||
extra_ok_codes=None)
|
||||
extra_ok_codes=None,
|
||||
run_as_root=False)
|
||||
|
||||
|
||||
class TestDeviceExists(base.BaseTestCase):
|
||||
|
|
Loading…
Reference in New Issue