privsep: lack of capabilities on kernel 4.15
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Fix Released | High | Oleg Bondarev |
Bug Description
L3 and DHCP agents are not functioning on kernel 4.15 due to privsep errors:
2018-10-25 09:10:38,747.747 24060 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', '/usr/bin/
2018-10-25 09:10:39,361.361 24060 WARNING oslo.privsep.daemon [-] privsep log: Error in sys.excepthook:
2018-10-25 09:10:39,363.363 24060 WARNING oslo.privsep.daemon [-] privsep log: Traceback (most recent call last):
2018-10-25 09:10:39,363.363 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/
2018-10-25 09:10:39,364.364 24060 WARNING oslo.privsep.daemon [-] privsep log: getLogger(
2018-10-25 09:10:39,365.365 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/
2018-10-25 09:10:39,365.365 24060 WARNING oslo.privsep.daemon [-] privsep log: self.logger.
2018-10-25 09:10:39,366.366 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/
2018-10-25 09:10:39,366.366 24060 WARNING oslo.privsep.daemon [-] privsep log: self._log(CRITICAL, msg, args, **kwargs)
2018-10-25 09:10:39,367.367 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/
2018-10-25 09:10:39,367.367 24060 WARNING oslo.privsep.daemon [-] privsep log: self.handle(record)
2018-10-25 09:10:39,368.368 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/
2018-10-25 09:10:39,368.368 24060 WARNING oslo.privsep.daemon [-] privsep log: self.callHandle
2018-10-25 09:10:39,369.369 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/
2018-10-25 09:10:39,370.370 24060 WARNING oslo.privsep.daemon [-] privsep log: hdlr.handle(record)
2018-10-25 09:10:39,370.370 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/
2018-10-25 09:10:39,371.371 24060 WARNING oslo.privsep.daemon [-] privsep log: self.emit(record)
2018-10-25 09:10:39,371.371 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/
2018-10-25 09:10:39,372.372 24060 WARNING oslo.privsep.daemon [-] privsep log: sres = os.stat(
2018-10-25 09:10:39,372.372 24060 WARNING oslo.privsep.daemon [-] privsep log: OSError: [Errno 13] Permission denied: '/var/log/
...
24060 ERROR neutron.
tags: | added: neutron-proactive-backport-potential |
tags: | removed: neutron-proactive-backport-potential |
Current neutron privsep capabilities:
capabilities=[caps.CAP_SYS_ADMIN, caps.CAP_NET_ADMIN]
In nova it's:
capabilities=[capabilities.CAP_CHOWN,
              capabilities.CAP_DAC_OVERRIDE,
              capabilities.CAP_DAC_READ_SEARCH,
              capabilities.CAP_FOWNER,
              capabilities.CAP_NET_ADMIN,
              capabilities.CAP_SYS_ADMIN]
Adding CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH to neutron fixes the issue.
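
An added example (not code from this bug report or from neutron) showing why a uid-0 privsep daemon holding only CAP_SYS_ADMIN and CAP_NET_ADMIN gets "Permission denied" on os.stat(), and how to confirm which capabilities a daemon holds from the CapEff line of /proc/<pid>/status. The function names, the status excerpts and the log directory's owner and mode are constructed assumptions; the permission check is simplified and ignores ACLs and LSMs.

```python
import stat

# Bit positions from <linux/capability.h> for the capabilities named in this bug.
CAP_BITS = {
    "CAP_CHOWN": 0, "CAP_DAC_OVERRIDE": 1, "CAP_DAC_READ_SEARCH": 2,
    "CAP_FOWNER": 3, "CAP_NET_ADMIN": 12, "CAP_SYS_ADMIN": 21,
}

def decode_capeff(status_text):
    """Names of the known capabilities set in the CapEff line of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return {name for name, bit in CAP_BITS.items() if (mask >> bit) & 1}
    raise ValueError("no CapEff line found")

def can_search_dir(caps, uid, gids, st_uid, st_gid, st_mode):
    """Simplified check (no ACLs/LSMs): may this process traverse the directory?"""
    # Either DAC capability bypasses directory search permission checks.
    if caps & {"CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH"}:
        return True
    # Otherwise uid 0 is treated like any other user: owner, then group, then other.
    if uid == st_uid:
        return bool(st_mode & stat.S_IXUSR)
    if st_gid in gids:
        return bool(st_mode & stat.S_IXGRP)
    return bool(st_mode & stat.S_IXOTH)

# Constructed status excerpts: CAP_NET_ADMIN|CAP_SYS_ADMIN, then plus the two DAC caps.
STATUS_BEFORE = "Name:\tconstructed\nCapEff:\t0000000000201000\n"
STATUS_AFTER = "Name:\tconstructed\nCapEff:\t0000000000201006\n"

# Constructed log directory: owned by a service account (uid 990, gid 990), mode 0750.
LOG_DIR = dict(st_uid=990, st_gid=990, st_mode=stat.S_IFDIR | 0o750)

def daemon_can_stat_log(status_text):
    """Would a uid-0 privsep daemon with these capabilities reach a file in LOG_DIR?"""
    return can_search_dir(decode_capeff(status_text), uid=0, gids={0}, **LOG_DIR)

if __name__ == "__main__":
    for label, text in (("before", STATUS_BEFORE), ("after", STATUS_AFTER)):
        print(label, sorted(decode_capeff(text)), daemon_can_stat_log(text))
```

To check a running daemon, pass the contents of its /proc/<pid>/status file to decode_capeff() and compare the result with the capability list configured for the privsep context.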