yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1644517] Re: [neutron-vpnaas] libreswan driver requires root

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1644517@xxxxxxxxxxxxxxxxxx>
Date: Fri, 09 Feb 2018 05:01:36 -0000
Reply-to: Bug 1644517 <1644517@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/535208
Committed: https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=65a3e5dfbe619b9d7ea861e90dd772e30d22043d
Submitter: Zuul
Branch:    master

commit 65a3e5dfbe619b9d7ea861e90dd772e30d22043d
Author: Jeffrey Zhang <zhang.lei.fly@xxxxxxxxx>
Date:   Thu Jan 18 15:54:23 2018 +0800

    Drop the root requirement for LibreSwanDriver
    
    Change-Id: I880ef5dad6723de06da5dd8a424f7158d65b5a35
    Closes-Bug: #1644517


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1644517

Title:
  [neutron-vpnaas] libreswan driver requires root

Status in neutron:
  Fix Released

Bug description:
  The libreswan device driver attempts to both cleanup[0] and chown[1]
  ipsec.secrets to root, using the bare python os module. From what I
  can gather it should use neutron-rootwrap to do these operations,
  otherwise the operator is forced to run the agent as root.

  [0] https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py#L40-L42
  [1] https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py#L50-L51

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1644517/+subscriptions

References

[Bug 1644517] [NEW] [neutron-vpnaas] libreswan driver requires root
From: Paul Bourke, 2016-11-24