
yahoo-eng-team team mailing list archive

[Bug 1500528] Re: Deprecate config option 'use_helper_for_ns_read'

 

I commented on the patch, but this exists because /var/run/netns can be
secured on any OS. We need to work in these secure environments as well.

** Changed in: neutron
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1500528

Title:
  Deprecate config option 'use_helper_for_ns_read'

Status in neutron:
  Opinion

Bug description:
  The config option 'cfg.CONF.AGENT.use_helper_for_ns_read' defaults to
  "True" as seen here:

      cfg.BoolOpt('use_helper_for_ns_read',
                  default=True,
                  help=_('Use the root helper to read the namespaces from '
                         'the operating system.')),

  There are two places in neutron.agent.linux.ip_lib where the list of
  namespaces is retrieved:

      class IPWrapper(SubProcessBase):
          @classmethod
          def get_namespaces(cls):
              # Lists namespaces without consulting use_helper_for_ns_read.
              output = cls._execute([], 'netns', ('list',))
              return [l.strip() for l in output.split('\n')]

  and

      class IpNetnsCommand(IpCommandBase):
          def exists(self, name):
              # Runs as root only when use_helper_for_ns_read is set.
              output = self._parent._execute(
                  ['o'], 'netns', ['list'],
                  run_as_root=cfg.CONF.AGENT.use_helper_for_ns_read)
              for line in output.split('\n'):
                  if name == line.strip():
                      return True
              return False

  Both methods are calling "ip netns list", but only one is actually
  using the configuration option. Both of these methods are called
  throughout the code.

  The configuration option is not necessary in the first case; therefore
  it should be removed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1500528/+subscriptions
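
A sketch of the behaviour discussed in this thread, as an added example that is not neutron's code or part of the original message: a single listing path that both the list and the existence check go through, so the helper setting applies to every caller. The function names, the `sudo` helper and the `secured_host` stand-in (with its constructed namespace names) are assumptions for illustration.

```python
import subprocess

NETNS_LIST = ['ip', 'netns', 'list']


def run(cmd):
    """Real executor: run cmd and return its stdout as text."""
    return subprocess.run(cmd, capture_output=True, text=True,
                          check=True).stdout


def parse_netns_list(output):
    """Namespace names from 'ip netns list' output, blank lines dropped."""
    return [line.strip() for line in output.splitlines() if line.strip()]


def list_namespaces(use_helper, root_helper=('sudo',), execute=run):
    """Single code path for listing, so every caller honours the option."""
    cmd = (list(root_helper) if use_helper else []) + NETNS_LIST
    return parse_netns_list(execute(cmd))


def namespace_exists(name, use_helper, root_helper=('sudo',), execute=run):
    """Existence check built on the same listing path."""
    return name in list_namespaces(use_helper, root_helper, execute)


def secured_host(cmd):
    """Constructed stand-in for a host whose /var/run/netns is readable by
    root only: the listing is empty unless the command goes through the
    helper (assumed behaviour, for illustration)."""
    if cmd[:1] == ['sudo']:
        return 'qrouter-aaaa\nqdhcp-bbbb\n\n'
    return ''


def demo():
    """Compare both settings against the secured-host stand-in."""
    results = {}
    for use_helper in (True, False):
        results[use_helper] = (
            list_namespaces(use_helper, execute=secured_host),
            namespace_exists('qdhcp-bbbb', use_helper, execute=secured_host),
        )
    return results


if __name__ == '__main__':
    for flag, (names, found) in demo().items():
        print('use_helper=%s names=%s exists=%s' % (flag, names, found))
```

Without the helper, the stand-in host reports no namespaces, so an existing namespace is treated as missing; with it, both calls agree.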

