[PKG-Openstack-devel] Bug#751524: [openstack-dev] Running dnsmasq in Neutron: unix rights
Benedikt Trefzer
benedikt.trefzer at cirrax.com
Tue Jun 24 16:46:27 UTC 2014
Hi Thomas

It should be possible to add

    dnsmasq_config_file = /a-path/to/a/file

in /etc/neutron/dhcp_agent.ini
and then set

    user=neutron
    group=neutron

in /a-path/to/a/file

I did not test this yet.

Cheers
Benedikt

On 23.06.2014 17:10, Thomas Goirand wrote:
> On 06/14/2014 07:26 PM, Thomas Goirand wrote:
>> Hi
>>
>> I've been thinking for a long time about how to fix the dnsmasq unix rights
>> issue in Neutron. Namely (from syslog):
>>
>> /var/lib/neutron/dhcp/{id}/host : Permission denied
>>
>> One way to fix it is to do:
>> chmod o+x /var/lib/neutron
>>
>> Though I don't feel it's the right way to do things. Wouldn't it be
>> nicer to add:
>> --user=neutron
>>
>> in spawn_process() in neutron/agent/linux/dhcp.py? I know some Debian
>> users did that, and it worked. I was tempted to add such a patch, but I
>> don't think it's the right thing to do without upstream approval.
>>
>> Yet another way would be to use "adduser" and add the nobody user in the
>> neutron group, but I'm discarding that option as the least safe.
>>
>> I don't want to introduce a Debian specific security hole in my Neutron
>> package, and I am therefore seeking advice on this list. What's the
>> safest way to fix that problem?
>>
>> Cheers,
>>
>> Thomas Goirand (zigo)
>>
>> P.S: The issue is also tracked at https://bugs.debian.org/751524, so
>> please leave 751524 at bugs.debian.org as Cc: when replying.
>
> After 10 days, nobody replied to this question... :(
>
> Thomas
>
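
The permission question in this thread, as an added example that is not part of the original messages or of Neutron: a check that lists which directories above a dnsmasq host file a given identity cannot traverse, so each proposed fix (chmod o+x, running as neutron, group membership) can be compared before applying it. The function name is hypothetical, and only classic mode bits are evaluated (ACLs, capabilities and the uid 0 bypass are ignored).

```python
import os
import stat
from pathlib import Path


def blocked_dirs(path, uid, gids):
    """Return every ancestor directory of `path` that the identity
    (uid, gids) cannot traverse, ordered from / downwards.

    Assumption of this example: only owner/group/other mode bits count;
    POSIX ACLs, capabilities and root's bypass are not modelled.
    """
    blocked = []
    target = Path(path).absolute()
    for directory in reversed(list(target.parents)):
        st = os.stat(directory)
        # The kernel picks exactly one permission class: owner first,
        # then group, then other. It never falls through to a later one.
        if st.st_uid == uid:
            needed = stat.S_IXUSR
        elif st.st_gid in gids:
            needed = stat.S_IXGRP
        else:
            needed = stat.S_IXOTH
        if not st.st_mode & needed:
            blocked.append(str(directory))
    return blocked


if __name__ == "__main__":
    import pwd
    import sys

    # Usage: script.py <user> <path>, e.g. the user dnsmasq drops to and
    # the host file named in the syslog message.
    user, path = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    result = blocked_dirs(path, pw.pw_uid, gids)
    if result:
        print(f"{user} cannot traverse: {', '.join(result)}")
    else:
        print(f"{user} can reach {path}")
```

An empty result for the user dnsmasq runs as means the "Permission denied" on the host file is not caused by directory traversal.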