Yes I can execute "ip netns" with my root and neutron users with only this CAP_SYS_ADMIN capability but L3 Agent tries to call privileged.list_netns(**kwargs) and the execution is wrapped in privsep context and gets Permission denied Error.
In my configuration "use_helper_for_ns_read" property is "True".
Hello Rodolfo:
Yes I can execute "ip netns" with my root and neutron users with only this CAP_SYS_ADMIN capability but L3 Agent tries to call privileged. list_netns( **kwargs) and the execution is wrapped in privsep context and gets Permission denied Error.
In my configuration "use_helper_ for_ns_ read" property is "True".