c89c1f53db
Replace rootwrap execution with privsep context execution. This series of patches will progressively replace any rootwrap call. This patch replaces some "IpNetnsCommand" command execution methods. Change-Id: Ic5fdf221a2a2cd0951539b0e040d2a941feee287 Story: #2007686 Task: #41558
18 lines
973 B
YAML
18 lines
973 B
YAML
---
|
|
other:
|
|
- |
|
|
As defined in `Migrate from oslo.rootwrap to oslo.privsep
|
|
<https://opendev.org/openstack/governance/src/branch/master/goals/selected/wallaby/migrate-to-privsep.rst>`_,
|
|
all OpenStack proyects should migrate from oslo.rootwrap to oslo.privsep
|
|
because "oslo.privsep offers a superior security model, faster and more
|
|
secure".
|
|
This migration will end with the deprecation and removal of oslo.rootwrap
|
|
from Neutron. To ensure the quality of the Neutron code, this migration
|
|
will be done sequentially in several patches, checking none of them breaks
|
|
the current functionality.
|
|
In order to easily migrate to execute all external commands inside a
|
|
privsep context, a new input variable "privsep_exec", that defaults to
|
|
"False", is added to ``neutron.agent.linux.utils.execute``. That will
|
|
divert the code to a privsep decorated executor.
|
|
Once the migration finishes, this new input parameter will be removed.
|