[openstack-dev] [neutron] replace external ip monitor
Peter V. Saveliev
peter at svinota.eu
Mon May 4 13:46:23 UTC 2015
On 05/04/2015 03:25 PM, Miguel Ángel Ajo wrote:
> Does the library require root privileges to work
> for the operations you’re planning to do?
Nope.
Only the network stack changes need CAP_NET_ADMIN (add/del address,
interface, route, traffic queue etc), and netns operations need the root
access.
Just monitoring doesn't require any special permissions and can run
under «nobody».
>
> That would be a stopper, since all the agents run unprivileged, and all the
> operations are filtered by the oslo root wrap daemon or cmdline tool.
Offtopic: btw, here I would like to ping Angus with his patchset [1].
<skip />
[1] https://review.openstack.org/#/c/155631/
--
Peter V. Saveliev
More information about the OpenStack-dev
mailing list