Public bug reported:

The libreswan device driver attempts to both clean up[0] and chown[1]
ipsec.secrets to root, using the bare Python os module. From what I can
gather it should use neutron-rootwrap to do these operations; otherwise
the operator is forced to run the agent as root.

[0] https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py#L40-L42
[1] https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py#L50-L51

** Affects: neutron
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1644517

Title:
  [neutron-vpnaas] libreswan driver requires root

Status in neutron:
  New

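A static check for the pattern this report describes, as an added example that is not part of the bug report or of neutron-vpnaas: it walks a Python file's AST and lists direct `os` removal and ownership calls, which only work on root-owned files if the whole agent runs as root. The sample driver source and its helper names (`_get_config_filename`, `_write_secrets`, `_execute`) are constructed for illustration.

```python
import ast

# Direct file-removal and ownership calls from the os module.
PRIVILEGED_OS_CALLS = {"chown", "lchown", "remove", "unlink"}

# Constructed sample, NOT the real libreswan_ipsec.py source.
# _execute is a hypothetical stand-in for a rootwrap-mediated command call.
SAMPLE_DRIVER = '''
import os
from os import chown as _chown

class SampleProcess(object):
    def ensure_configs(self):
        secrets = self._get_config_filename("ipsec.secrets")
        if os.path.exists(secrets):
            os.remove(secrets)
        self._write_secrets(secrets)
        os.chown(secrets, 0, 0)
        _chown(secrets, 0, 0)
        self._execute(["chown", "root:root", secrets])
'''

def find_bare_os_calls(source):
    """Return sorted (lineno, 'os.<name>') for direct privileged os calls."""
    tree = ast.parse(source)
    module_aliases, func_aliases = set(), {}
    # First pass: learn how the os module and its functions were imported.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == "os":
                    module_aliases.add(a.asname or "os")
        elif isinstance(node, ast.ImportFrom) and node.module == "os":
            for a in node.names:
                if a.name in PRIVILEGED_OS_CALLS:
                    func_aliases[a.asname or a.name] = a.name
    hits = []
    # Second pass: flag os.<call>(...) and aliased <call>(...) invocations.
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id in module_aliases
                and f.attr in PRIVILEGED_OS_CALLS):
            hits.append((node.lineno, "os." + f.attr))
        elif isinstance(f, ast.Name) and f.id in func_aliases:
            hits.append((node.lineno, "os." + func_aliases[f.id]))
    return sorted(hits)
```

Calls routed through a command wrapper, such as the hypothetical `_execute` line in the sample, are not flagged, so the output is the list of operations that still bypass the privilege boundary.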