[PKG-Openstack-devel] Bug#751524: [openstack-dev] Running dnsmasq in Neutron: unix rights

Benedikt Trefzer benedikt.trefzer at cirrax.com
Tue Jun 24 16:46:27 UTC 2014

Hi Thomas

It should be possible to add

dnsmasq_config_file = /a-path/to/a/file

in /etc/neutron/dhcp_agent.ini

and then set


in /a-path/to/a/file

I did not test this yet.



On 23.06.2014 17:10, Thomas Goirand wrote:
> On 06/14/2014 07:26 PM, Thomas Goirand wrote:
>> Hi
>> I've been thinking for a long time on how to fix dnsmasq unix rights
>> issue in Neutron. Namely (from syslog):
>> /var/lib/neutron/dhcp/{id}/host : Permission denied
>> One way to fix it is to do:
>> chmod o+x /var/lib/neutron
>> Though I don't feel it's the right way to do things. Wouldn't it be
>> nicer to add:
>> --user=neutron
>> in spawn_process() in neutron/agent/linux/dhcp.py? I know some Debian
>> users did that, and it worked. I was tempted to add such patch, but I
>> don't think it's the right thing to do without upstream approval.
>> Yet another way would be to use "adduser" and add the nobody user in the
>> neutron group, but I'm discarding that option as the least safe.
>> I don't want to introduce a Debian specific security hole in my Neutron
>> package, and I am therefore seeking for advices in this list. What's the
>> safest way to fix that problem?
>> Cheers,
>> Thomas Goirand (zigo)
>> P.S: The issue is also tracked at https://bugs.debian.org/751524, so
>> please leave 751524 at bugs.debian.org as Cc: when replying.
> After 10 days, nobody replied to this question... :(
> Thomas
> _______________________________________________
> Openstack-devel mailing list
> Openstack-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/openstack-devel

More information about the Openstack-devel mailing list