yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1393184] [NEW] root_helper is not always needed but sometimes enforced artifically

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Assaf Muller <amuller@xxxxxxxxxx>
Date: Sun, 16 Nov 2014 13:25:39 -0000
Reply-to: Bug 1393184 <1393184@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Trying to invoke a namespace command via ip_lib requires a root_helper.
If the process running the command has root access, it doesn't need to
use root_helper, but ip_lib explicitly checks for the existence of a
root_helper parameter and fails if it isn't populated.

For context, the L3 agent starts the metadata_proxy under the root user.
I ran into a similar issue, as the L3 agent starts keepalived (For HA
routers) under the root user. Keepalived then executes scripts when a
router state transition occurs, these scripts are run under root as
well. The transition scripts can't use 'sudo neutron-rootwrap ...'
because they're not run with a shell and I get a 'Terminal required'
type error.

** Affects: neutron
     Importance: Undecided
     Assignee: Assaf Muller (amuller)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Assaf Muller (amuller)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1393184

Title:
  root_helper is not always needed but sometimes enforced artifically

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  Trying to invoke a namespace command via ip_lib requires a
  root_helper. If the process running the command has root access, it
  doesn't need to use root_helper, but ip_lib explicitly checks for the
  existence of a root_helper parameter and fails if it isn't populated.

  For context, the L3 agent starts the metadata_proxy under the root
  user. I ran into a similar issue, as the L3 agent starts keepalived
  (For HA routers) under the root user. Keepalived then executes scripts
  when a router state transition occurs, these scripts are run under
  root as well. The transition scripts can't use 'sudo neutron-rootwrap
  ...' because they're not run with a shell and I get a 'Terminal
  required' type error.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1393184/+subscriptions

Follow ups

[Bug 1393184] Re: root_helper is not always needed but sometimes enforced artifically
From: Thierry Carrez, 2014-12-18
[Bug 1393184] [NEW] root_helper is not always needed but sometimes enforced artifically
From: Assaf Muller, 2014-11-16

References

[Bug 1393184] [NEW] root_helper is not always needed but sometimes enforced artifically
From: Assaf Muller, 2014-11-16