When using a normal user (non-admin), to list the network namespaces no permission should be needed. But because some users have been capped, this is why we introduced the configuration variable "use_helper_for_ns_read", that is True by default. When enabled, the namespace listing [1] and the "path_exists" method [2] are wrapped inside a privsep context. But only "CAP_SYS_ADMIN" should be needed for these two operations.
I would suggest first to check the user permissions. With this user, can you execute "ip netns"? Can you read all the namespaces? You should be able.
Hello Hristo:
When using a normal user (non-admin), to list the network namespaces no permission should be needed. But because some users have been capped, this is why we introduced the configuration variable "use_helper_ for_ns_ read", that is True by default. When enabled, the namespace listing [1] and the "path_exists" method [2] are wrapped inside a privsep context. But only "CAP_SYS_ADMIN" should be needed for these two operations.
I would suggest first to check the user permissions. With this user, can you execute "ip netns"? Can you read all the namespaces? You should be able.
Regards.
[1]https:/ /github. com/openstack/ neutron/ blob/6b9333d8df b78881a4368cb87 16c48c45d49857f /neutron/ agent/linux/ ip_lib. py#L971 /github. com/openstack/ neutron/ blob/6b9333d8df b78881a4368cb87 16c48c45d49857f /neutron/ agent/linux/ ip_lib. py#L991
[2]https:/