neutron

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #2026122
Comment #4

Comment 4 for bug 2026122

Revision history for this message

Hristo Ispirov (hispirov) wrote on 2023-07-06 (last edit on 2023-07-06):

Hello Rodolfo:

Yes I can execute "ip netns" with my root and neutron users with only this CAP_SYS_ADMIN capability but L3 Agent tries to call privileged.list_netns(**kwargs) and the execution is wrapped in privsep context and gets Permission denied Error.

In my configuration "use_helper_for_ns_read" property is "True".