Merge "Implement namespace operations privsep context"

2021-04-13 05:56:12 +00:00 · 2021-04-13 05:56:12 +00:00 · f6f08ac76c
parent 7eb0d06e38 3cee5f7201
commit f6f08ac76c
2 changed files with 11 additions and 3 deletions
--- a/neutron/privileged/init.py
+++ b/neutron/privileged/init.py
@ -46,3 +46,11 @@ ovs_vsctl_cmd = priv_context.PrivContext(
    capabilities=[caps.CAP_SYS_ADMIN,
                  caps.CAP_NET_ADMIN]
 )
+
+
+namespace_cmd = priv_context.PrivContext(
+    __name__,
+    cfg_section='privsep_namespace',
+    pypath=__name__ + '.namespace_cmd',
+    capabilities=[caps.CAP_SYS_ADMIN]
+)
--- a/neutron/privileged/agent/linux/ip_lib.py
+++ b/neutron/privileged/agent/linux/ip_lib.py
@ -532,7 +532,7 @@ def dump_neigh_entries(ip_version, device, namespace, **kwargs):
    return entries


-@privileged.default.entrypoint
+@privileged.namespace_cmd.entrypoint
 def create_netns(name, **kwargs):
    """Create a network namespace.

@ -553,7 +553,7 @@ def create_netns(name, **kwargs):
            raise RuntimeError(_('Error creating namespace %s' % name))


-@privileged.default.entrypoint
+@privileged.namespace_cmd.entrypoint
 def remove_netns(name, **kwargs):
    """Remove a network namespace.

@ -566,7 +566,7 @@ def remove_netns(name, **kwargs):
            raise


-@privileged.default.entrypoint
+@privileged.namespace_cmd.entrypoint
 def list_netns(**kwargs):
    """List network namespaces.