← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #75508

[Bug 1800157] Re: privsep: lack of capabilities on kernel 4.15

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.openstack.org/613591
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=32cc8b63d7bbe5cfc83b82a058d1c5832980f290
Submitter: Zuul
Branch:    master

commit 32cc8b63d7bbe5cfc83b82a058d1c5832980f290
Author: Oleg Bondarev <obondarev@xxxxxxxxxxxx>
Date:   Fri Oct 26 18:02:27 2018 +0400

    Add capabilities for privsep
    
    CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH were added
    (like in nova) to fix agents on kernel 4.15.
    Please see bug for details
    
    Change-Id: Ieed6f5f6906036cdeaf2c3d96350eeae9559c0c7
    Closes-Bug: #1800157


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1800157

Title:
  privsep: lack of capabilities on kernel 4.15

Status in neutron:
  Fix Released

Bug description:
  l3 and dhcp agents are not functioning on kernel 4.15 due to privsep
  errors:

  2018-10-25 09:10:38,747.747 24060 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/l3_agent.ini', '--config-file', '/etc/neutron/fwaas_driver.ini', '--config-file', '/etc/neutron/neutron.conf', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpS5k5y2/privsep.sock']
  2018-10-25 09:10:39,361.361 24060 WARNING oslo.privsep.daemon [-] privsep log: Error in sys.excepthook:
  2018-10-25 09:10:39,363.363 24060 WARNING oslo.privsep.daemon [-] privsep log: Traceback (most recent call last):
  2018-10-25 09:10:39,363.363 24060 WARNING oslo.privsep.daemon [-] privsep log:   File "/usr/lib/python2.7/dist-packages/oslo_log/log.py", line 193, in logging_excepthook
  2018-10-25 09:10:39,364.364 24060 WARNING oslo.privsep.daemon [-] privsep log:     getLogger(product_name).critical('Unhandled error', **extra)
  2018-10-25 09:10:39,365.365 24060 WARNING oslo.privsep.daemon [-] privsep log:   File "/usr/lib/python2.7/logging/__init__.py", line 1481, in critical
  2018-10-25 09:10:39,365.365 24060 WARNING oslo.privsep.daemon [-] privsep log:     self.logger.critical(msg, *args, **kwargs)
  2018-10-25 09:10:39,366.366 24060 WARNING oslo.privsep.daemon [-] privsep log:   File "/usr/lib/python2.7/logging/__init__.py", line 1212, in critical
  2018-10-25 09:10:39,366.366 24060 WARNING oslo.privsep.daemon [-] privsep log:     self._log(CRITICAL, msg, args, **kwargs)
  2018-10-25 09:10:39,367.367 24060 WARNING oslo.privsep.daemon [-] privsep log:   File "/usr/lib/python2.7/logging/__init__.py", line 1286, in _log
  2018-10-25 09:10:39,367.367 24060 WARNING oslo.privsep.daemon [-] privsep log:     self.handle(record)
  2018-10-25 09:10:39,368.368 24060 WARNING oslo.privsep.daemon [-] privsep log:   File "/usr/lib/python2.7/logging/__init__.py", line 1296, in handle
  2018-10-25 09:10:39,368.368 24060 WARNING oslo.privsep.daemon [-] privsep log:     self.callHandlers(record)
  2018-10-25 09:10:39,369.369 24060 WARNING oslo.privsep.daemon [-] privsep log:   File "/usr/lib/python2.7/logging/__init__.py", line 1336, in callHandlers
  2018-10-25 09:10:39,370.370 24060 WARNING oslo.privsep.daemon [-] privsep log:     hdlr.handle(record)
  2018-10-25 09:10:39,370.370 24060 WARNING oslo.privsep.daemon [-] privsep log:   File "/usr/lib/python2.7/logging/__init__.py", line 759, in handle
  2018-10-25 09:10:39,371.371 24060 WARNING oslo.privsep.daemon [-] privsep log:     self.emit(record)
  2018-10-25 09:10:39,371.371 24060 WARNING oslo.privsep.daemon [-] privsep log:   File "/usr/lib/python2.7/logging/handlers.py", line 414, in emit
  2018-10-25 09:10:39,372.372 24060 WARNING oslo.privsep.daemon [-] privsep log:     sres = os.stat(self.baseFilename)
  2018-10-25 09:10:39,372.372 24060 WARNING oslo.privsep.daemon [-] privsep log: OSError: [Errno 13] Permission denied: '/var/log/neutron/neutron.log'
  ...
  24060 ERROR neutron.agent.l3.agent FailedToDropPrivileges: Privsep daemon failed to start

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1800157/+subscriptions

References

  Thread PreviousDate PreviousThread Next