On Tue, Jan 26, 2016 at 10:19 AM, Baohua Yang <[email protected]> wrote: > Thanks toni. > Could u help add those instructions into doc? > And we might need provide some tool to enable those CAP_NET_ADMIN cap in the > startup scripts.
I'll send a wip patch today or tomorrow. > > On Tue, Jan 26, 2016 at 4:29 PM, Antoni Segura Puimedon > <[email protected]> wrote: >> >> On Tue, Jan 26, 2016 at 8:13 AM, Baohua Yang <[email protected]> wrote: >> > Hi hua >> > Thanks for the suggestion! >> > Yes, root wrap is also a good candidate. >> > We will compare to choose the proper solution. >> > Thanks! >> > >> > On Tue, Jan 26, 2016 at 1:59 PM, 王华 <[email protected]> wrote: >> >> >> >> Hi Baohua, >> >> >> >> I think https://wiki.openstack.org/wiki/Rootwrap can solve this >> >> problem. >> >> It is used in other OpenStack projects like Nova, Neutron. >> >> >> >> Regards, >> >> Wanghua >> >> >> >> On Tue, Jan 26, 2016 at 1:07 PM, Baohua Yang <[email protected]> >> >> wrote: >> >>> >> >>> Hi toni >> >>> >> >>> Recently we found some issue when starting kuryr service without root >> >>> privilege [1]. >> >>> >> >>> Tfukushima mentioned that you have some suggestion on using capacity >> >>> to >> >>> solve this? >> >> I do. I have a C launcher that allows Kuryr to run with CAP_NET_ADMIN so >> that >> any user can run it. My idea was to put it in contrib and then let the >> distros decide >> if they want to run kuryr as root or use the launcher in their packaging >> systemd >> service files. >> >> >>> >> >>> We currently make a temp workaround by suggesting using sudo to start >> >>> the >> >>> service [2]. >> >>> >> >>> Any advice? >> >>> >> >>> Thanks! >> >>> >> >>> [1] https://bugs.launchpad.net/kuryr/+bug/1516539. >> >>> [2] https://review.openstack.org/#/c/272370 >> >>> >> >>> -- >> >>> Best wishes! >> >>> Baohua >> >>> >> >>> >> >>> >> >>> __________________________________________________________________________ >> >>> OpenStack Development Mailing List (not for usage questions) >> >>> Unsubscribe: >> >>> [email protected]?subject:unsubscribe >> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>> >> >> >> >> >> >> >> >> __________________________________________________________________________ >> >> OpenStack Development Mailing List (not for usage questions) >> >> Unsubscribe: >> >> [email protected]?subject:unsubscribe >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> >> > >> > >> > >> > -- >> > Best wishes! >> > Baohua >> > >> > >> > __________________________________________________________________________ >> > OpenStack Development Mailing List (not for usage questions) >> > Unsubscribe: >> > [email protected]?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: [email protected]?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > -- > Best wishes! > Baohua > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
