no rootwrap filter for 'route', used by l3-agent
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Fix Released | Critical | dan wendlandt | |
Bug Description
The l3-agent invokes 'route' within a namespace to set the default gateway within that namespace, for example, to reach the internet via a gateway on an external network. However, rootwrap does not have a filter for this, so the command is denied:
2012-09-21 04:32:45 DEBUG [quantum.
usr/bin/
d6-3471-
2012-09-21 04:32:45 DEBUG [quantum.
Command: ['sudo', '/usr/bin/
', 'netns', 'exec', 'qrouter-
d', 'default', 'gw', '192.168.0.1']
Exit code: 99
Stdout: 'Unauthorized command: ip netns exec qrouter-
39375ebc5 route add default gw 192.168.0.1\n'
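
An added example, not taken from the bug report or from rootwrap's source: a simplified Python model of a fail-closed command allowlist. It reproduces the denial above and shows that adding a `route` entry permits the l3-agent call without permitting other commands inside the namespace. The allowlist contents and the `qrouter-EXAMPLE` namespace name are constructed placeholders.

```python
# Toy model of a fail-closed command allowlist (constructed; not rootwrap code).
UNAUTHORIZED = 99  # exit code shown in the log above

def effective_command(argv):
    """Unwrap `ip netns exec <namespace> <cmd...>` down to the command that runs.

    Returns None if a netns wrapper carries no inner command.
    """
    while argv[:3] == ["ip", "netns", "exec"]:
        if len(argv) < 5:
            return None
        argv = argv[4:]
    return argv

def authorize(argv, allowed):
    """Allow argv only if every executable involved is in the allowlist."""
    if not argv or argv[0] not in allowed:
        return False
    inner = effective_command(argv)
    return inner is not None and inner[0] in allowed

def run_wrapped(argv, allowed):
    """Return (exit_code, stdout) as the wrapper would; nothing is executed."""
    if not authorize(argv, allowed):
        return UNAUTHORIZED, "Unauthorized command: %s\n" % " ".join(argv)
    return 0, ""

# Constructed allowlists: before and after adding an entry for `route`.
FILTERS_BEFORE = {"ip", "kill"}
FILTERS_AFTER = FILTERS_BEFORE | {"route"}

# The l3-agent call from the report; the namespace name is a placeholder
# because the log on this page truncates it.
L3_AGENT_CMD = ["ip", "netns", "exec", "qrouter-EXAMPLE",
                "route", "add", "default", "gw", "192.168.0.1"]

if __name__ == "__main__":
    for name, filters in (("before", FILTERS_BEFORE), ("after", FILTERS_AFTER)):
        print(name, run_wrapped(L3_AGENT_CMD, filters))
    # Still denied after the fix: an inner command with no allowlist entry.
    print(run_wrapped(["ip", "netns", "exec", "qrouter-EXAMPLE", "bash"], FILTERS_AFTER))
```
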
Changed in quantum:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → dan wendlandt (danwent)
milestone: none → folsom-rc2
Changed in quantum:
milestone: folsom-rc2 → 2012.2
Fix proposed to branch: master
Review: https://review.openstack.org/13450