[PKG-Openstack-devel] Bug#751524: Running dnsmasq in Neutron: unix rights

Thomas Goirand zigo at debian.org
Sat Jun 14 11:26:25 UTC 2014


Hi,

I've been thinking for a long time on how to fix dnsmasq unix rights
issue in Neutron. Namely (from syslog):

/var/lib/neutron/dhcp/{id}/host : Permission denied

One way to fix it is to do:
chmod o+x /var/lib/neutron

Though I don't feel it's the right way to do things. Wouldn't it be
nicer to add:
--user=neutron

in spawn_process() in neutron/agent/linux/dhcp.py? I know some Debian
users did that, and it worked. I was tempted to add such patch, but I
don't think it's the right thing to do without upstream approval.

Yet another way would be to use "adduser" and add the nobody user in the
neutron group, but I'm discarding that option as the least safe.

I don't want to introduce a Debian specific security hole in my Neutron
package, and I am therefore seeking for advices in this list. What's the
safest way to fix that problem?

Cheers,

Thomas Goirand (zigo)

P.S: The issue is also tracked at https://bugs.debian.org/751524, so
please leave 751524 at bugs.debian.org as Cc: when replying.



More information about the Openstack-devel mailing list