openstack
/
neutron
Code Issues Proposed changes

Merge "Implement namespace operations privsep context"

This commit is contained in:
Zuul 2021-04-13 05:56:12 +00:00 committed by Gerrit Code Review
parent 7eb0d06e38 3cee5f7201
commit f6f08ac76c
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
neutron/privileged/__init__.py
View File

@ -46,3 +46,11 @@ ovs_vsctl_cmd = priv_context.PrivContext(
capabilities=[caps.CAP_SYS_ADMIN, capabilities=[caps.CAP_SYS_ADMIN,
caps.CAP_NET_ADMIN] caps.CAP_NET_ADMIN]
) )
namespace_cmd = priv_context.PrivContext(
__name__,
cfg_section='privsep_namespace',
pypath=__name__ + '.namespace_cmd',
capabilities=[caps.CAP_SYS_ADMIN]
)

6
neutron/privileged/agent/linux/ip_lib.py
View File

@ -532,7 +532,7 @@ def dump_neigh_entries(ip_version, device, namespace, **kwargs):
return entries return entries
@privileged.default.entrypoint @privileged.namespace_cmd.entrypoint
def create_netns(name, **kwargs): def create_netns(name, **kwargs):
"""Create a network namespace. """Create a network namespace.
@ -553,7 +553,7 @@ def create_netns(name, **kwargs):
raise RuntimeError(_('Error creating namespace %s' % name)) raise RuntimeError(_('Error creating namespace %s' % name))
@privileged.default.entrypoint @privileged.namespace_cmd.entrypoint
def remove_netns(name, **kwargs): def remove_netns(name, **kwargs):
"""Remove a network namespace. """Remove a network namespace.
@ -566,7 +566,7 @@ def remove_netns(name, **kwargs):
raise raise
@privileged.default.entrypoint @privileged.namespace_cmd.entrypoint
def list_netns(**kwargs): def list_netns(**kwargs):
"""List network namespaces. """List network namespaces.