Reviewed: https://review.openstack.org/166353 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=3106d358f1963f9f9611018ad77eadd13874242d Submitter: Jenkins Branch: master commit 3106d358f1963f9f9611018ad77eadd13874242d Author: Cedric Brandily <zzelle at gmail.com> Date: Fri Mar 20 16:11:53 2015 +0000 Move metadata proxy shared options to neutron.conf This change moves metadata proxy options shared between dhcp and l3 agents to neutron.conf. This change prepares follow-up changes allowing to run metadata proxy with nobody user/group Change-Id: I1828e322791b8a697765cad2f12857e3d6deae68 Related-bug: #1427228 -- You received this bug notification because you are a member of OpenStack Security Group, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1427228 Title: Allow to run neutron-ns-metadata-proxy as nobody Status in OpenStack Neutron (virtual network service): In Progress Bug description: Currently neutron-ns-metadata-proxy runs with neutron user/group permissions on l3-agent but we should allow to run it with less permissions as neutron user is allowed to run neutron-rootwrap. We should restrict as much as possible neutron-ns-metadata-proxy permissions as it's reachable from VMs. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1427228/+subscriptions