Hello Hristo:
What does it mean "I can execute "ip netns" with my root and neutron users with only this CAP_SYS_ADMIN capability". How are you doing that? In a Python console?
"privsep" daemon is a service running with the permissions provided; in this case "CAP_SYS_ADMIN". If you are able to execute "ip netns" with the user running the OpenStack services, then you can disable "use_helper_for_ns_read" because you don't need the "privsep" wrapper.
Regards.