[openstack-dev] Running dnsmasq in Neutron: unix rights

Thomas Goirand zigo at debian.org
Mon Jun 23 15:10:38 UTC 2014


On 06/14/2014 07:26 PM, Thomas Goirand wrote:
> Hi,
> 
> I've been thinking for a long time about how to fix the dnsmasq unix rights
> issue in Neutron. Namely (from syslog):
> 
> /var/lib/neutron/dhcp/{id}/host : Permission denied
> 
> One way to fix it is to do:
> chmod o+x /var/lib/neutron
> 
> Though I don't feel it's the right way to do things. Wouldn't it be
> nicer to add:
> --user=neutron
> 
> in spawn_process() in neutron/agent/linux/dhcp.py? I know some Debian
> users did that, and it worked. I was tempted to add such a patch, but I
> don't think it's the right thing to do without upstream approval.
> 
> Yet another way would be to use "adduser" and add the nobody user to the
> neutron group, but I'm discarding that option as the least safe.
> 
> I don't want to introduce a Debian-specific security hole in my Neutron
> package, and I am therefore seeking advice on this list. What's the
> safest way to fix that problem?
> 
> Cheers,
> 
> Thomas Goirand (zigo)
> 
> P.S: The issue is also tracked at https://bugs.debian.org/751524, so
> please leave 751524 at bugs.debian.org as Cc: when replying.

After 10 days, nobody replied to this question... :(

Thomas
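
Added example, not part of the original thread or of Neutron's code: a small model of the directory search-bit check behind the "Permission denied" above, applied to the three options the message lists. It assumes /var/lib/neutron is neutron:neutron with mode 0750 and that dnsmasq runs as nobody; the tree, the ids and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

def search_allowed(st, uid, gids):
    """Classic POSIX check of the directory search (x) bit; ACLs are ignored."""
    if uid == 0:                      # root bypasses permission bits
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked_dir(target, uid, gids, base="/"):
    """First directory below base, on the way to target, that uid cannot traverse."""
    base = os.path.abspath(base)
    current = base
    rel = os.path.relpath(os.path.dirname(os.path.abspath(target)), base)
    for part in rel.split(os.sep):
        current = os.path.join(current, part)
        if not search_allowed(os.stat(current), uid, gids):
            return current
    return None

def demo():
    """Constructed tree shaped like /var/lib/neutron/dhcp/{id}/host; 0750 is an assumed mode."""
    root = tempfile.mkdtemp()
    state = os.path.join(root, "neutron")
    host = os.path.join(state, "dhcp", "net-id", "host")
    os.makedirs(os.path.dirname(host))
    for d in (os.path.join(state, "dhcp"), os.path.dirname(host)):
        os.chmod(d, 0o755)
    open(host, "w").close()
    os.chmod(state, 0o750)
    st = os.stat(state)
    owner, group = st.st_uid, st.st_gid            # play the role of neutron:neutron
    nobody, nogroup = owner + 4242, group + 4242   # constructed ids for the dnsmasq user
    out = {
        "as nobody": first_blocked_dir(host, nobody, {nogroup}, root),
        "--user=neutron": first_blocked_dir(host, owner, {group}, root),
        "nobody in neutron group": first_blocked_dir(host, nobody, {nogroup, group}, root),
    }
    os.chmod(state, 0o751)                         # chmod o+x
    out["chmod o+x"] = first_blocked_dir(host, nobody, {nogroup}, root)
    return state, out

if __name__ == "__main__":
    for option, blocked in demo()[1].items():
        print(f"{option}: {'blocked at ' + blocked if blocked else 'reachable'}")
```

All three options clear the block; the model shows which permission class each one relies on (owner, group, or other).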



