 c89c1f53db
			
		
	
	c89c1f53db
	
	
	
		
			
			Replace rootwrap execution with privsep context execution. This series of patches will progressively replace any rootwrap call. This patch replaces some "IpNetnsCommand" command execution methods. Change-Id: Ic5fdf221a2a2cd0951539b0e040d2a941feee287 Story: #2007686 Task: #41558
		
			
				
	
	
		
			18 lines
		
	
	
		
			973 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			18 lines
		
	
	
		
			973 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
| ---
 | |
| other:
 | |
|   - |
 | |
|     As defined in `Migrate from oslo.rootwrap to oslo.privsep
 | |
|     <https://opendev.org/openstack/governance/src/branch/master/goals/selected/wallaby/migrate-to-privsep.rst>`_,
 | |
|     all OpenStack proyects should migrate from oslo.rootwrap to oslo.privsep
 | |
|     because "oslo.privsep offers a superior security model, faster and more
 | |
|     secure".
 | |
|     This migration will end with the deprecation and removal of oslo.rootwrap
 | |
|     from Neutron. To ensure the quality of the Neutron code, this migration
 | |
|     will be done sequentially in several patches, checking none of them breaks
 | |
|     the current functionality.
 | |
|     In order to easily migrate to execute all external commands inside a
 | |
|     privsep context, a new input variable "privsep_exec", that defaults to
 | |
|     "False", is added to ``neutron.agent.linux.utils.execute``. That will
 | |
|     divert the code to a privsep decorated executor.
 | |
|     Once the migration finishes, this new input parameter will be removed.
 |