neutron

no rootwrap filter for 'route', used by l3-agent

Bug #1053889 reported by dan wendlandt on 2012-09-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Critical	dan wendlandt	neutron 2012.2 "folsom"

Bug Description

The l3-agent invokes 'route' within a namespace to set the default gateway within that namespace, for example, to reach the internet via a gateway on an external network. However, rootwrap does not have a filter for this, so the command is denied:

2012-09-21 04:32:45 DEBUG [quantum.agent.linux.utils] Running command: sudo /
usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ip netns exec qrouter-60e80b
d6-3471-4bc6-8383-2cb39375ebc5 route add default gw 192.168.0.1
2012-09-21 04:32:45 DEBUG [quantum.agent.linux.utils]
Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf', 'ip
', 'netns', 'exec', 'qrouter-60e80bd6-3471-4bc6-8383-2cb39375ebc5', 'route', 'ad
d', 'default', 'gw', '192.168.0.1']
Exit code: 99
Stdout: 'Unauthorized command: ip netns exec qrouter-60e80bd6-3471-4bc6-8383-2cb
39375ebc5 route add default gw 192.168.0.1\n'

dan wendlandt (danwent) on 2012-09-21

Changed in quantum:
status:	New → In Progress
importance:	Undecided → Critical
assignee:	nobody → dan wendlandt (danwent)
milestone:	none → folsom-rc2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-09-21: Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/13450

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-09-21: Fix merged to quantum (master)

Reviewed: https://review.openstack.org/13450
Committed: http://github.com/openstack/quantum/commit/79b7b63e9697d9eaab30c2ea76976f9dbb32e684
Submitter: Jenkins
Branch: master

commit 79b7b63e9697d9eaab30c2ea76976f9dbb32e684
Author: Dan Wendlandt <email address hidden>
Date: Fri Sep 21 01:49:04 2012 -0700

all rootwrap filter for 'route', used by l3-agent

bug 1053889

Change-Id: If35f1f48464cd0bb795af4e9e82f5d7a9867b0aa

Changed in quantum:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-09-21: Fix proposed to quantum (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/13456

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-09-21: Fix merged to quantum (milestone-proposed)

Reviewed: https://review.openstack.org/13456
Committed: http://github.com/openstack/quantum/commit/7253c89e7ee8fde150cf44a981894f8ebae64a58
Submitter: Jenkins
Branch: milestone-proposed

commit 7253c89e7ee8fde150cf44a981894f8ebae64a58
Author: Dan Wendlandt <email address hidden>
Date: Fri Sep 21 01:49:04 2012 -0700

all rootwrap filter for 'route', used by l3-agent

bug 1053889

Change-Id: If35f1f48464cd0bb795af4e9e82f5d7a9867b0aa

Changed in quantum:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2012-09-27

Changed in quantum:
milestone:	folsom-rc2 → 2012.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.