yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1777922] [NEW] neutron is not dropping radvd privileges

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Antonio Ojea <itsuugo@xxxxxxxxx>
Date: Wed, 20 Jun 2018 19:09:05 -0000
Reply-to: Bug 1777922 <1777922@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

neutron is not dropping the radvd privileges and causes that radvd run with full privileges, that can be considered as a serious risk.
In addition, some distributions like SUSE, by default runs radvd process as a non privileged user by default, causing radvd failure to daemonize because it can't write the pid in the corresponding neutron folder and break the IPv6 functionality.

** Affects: neutron
     Importance: High
     Assignee: Antonio Ojea (itsuugo)
         Status: In Progress


** Tags: ipv6 pike-backport-potential queens-backport-potential

** Changed in: neutron
     Assignee: (unassigned) => Antonio Ojea (itsuugo)

** Changed in: neutron
       Status: New => In Progress

** Description changed:

- neutron is not dropping the radvd privileges and causes that radvd run with full privileges that can be considered as a serious risk.
- In addition, somes distributions like SUSE, default radvd process to a non privileged user by default, causing that radvd fails to daemonize because it can't write the pid in the corresponding neutron folder and breaking the IPv6 functionality.
+ neutron is not dropping the radvd privileges and causes that radvd run with full privileges, that can be considered as a serious risk.
+ In addition, some distributions like SUSE, by default runs radvd process as a non privileged user by default, causing radvd failure to daemonize because it can't write the pid in the corresponding neutron folder and break the IPv6 functionality.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1777922

Title:
  neutron is not dropping radvd privileges

Status in neutron:
  In Progress

Bug description:
  neutron is not dropping the radvd privileges and causes that radvd run with full privileges, that can be considered as a serious risk.
  In addition, some distributions like SUSE, by default runs radvd process as a non privileged user by default, causing radvd failure to daemonize because it can't write the pid in the corresponding neutron folder and break the IPv6 functionality.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1777922/+subscriptions

Follow ups

[Bug 1777922] Re: neutron is not dropping radvd privileges
From: OpenStack Infra, 2018-06-26