Bug 1039528 - Neutron rootwrap does not follow packaging guidelines
Summary: Neutron rootwrap does not follow packaging guidelines
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 4.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: z1
: 4.0
Assignee: Terry Wilson
QA Contact: Ofer Blaut
URL:
Whiteboard:
: 1039774
Depends On: 984097 1039774
Blocks: 1129685
 
Reported: 2013-12-09 11:02 UTC by Kashyap Chamarthy
Modified: 2022-07-09 06:17 UTC

Fixed In Version: openstack-neutron-2013.2.1-2.el6ost
Doc Type: Bug Fix
Doc Text:
Clone Of: 984097
: 1129685
Environment:
Last Closed: 2014-01-22 18:32:13 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2014:0091 | 0 | normal | SHIPPED_LIVE | Moderate: openstack-neutron security, bug fix, and enhancement update | 2014-01-22 23:31:15 UTC

Description Kashyap Chamarthy 2013-12-09 11:02:36 UTC
+++ This bug was initially created as a clone of Bug #984097 +++

Description of problem:

This file is wrong and makes quantum rootwrap ineffective:

# tail -1 /etc/sudoers.d/quantum 
quantum ALL = (root) NOPASSWD: SETENV: /usr/bin/quantum-rootwrap


It should be similar to nova and cinder and specify parameters, i.e.:

# tail -1 /etc/sudoers.d/nova 
nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *



See https://wiki.openstack.org/wiki/Packager/Rootwrap


Version-Release number of selected component (if applicable):

# rpm -qf /etc/sudoers.d/quantum
openstack-quantum-2013.1.2-1.el6.noarch

# cat /etc/centos-release 
CentOS release 6.4 (Final)

--- Additional comment from Kashyap Chamarthy on 2013-12-09 05:46:43 EST ---

Can any Neutron folks confirm if the below fix is appropriate:

$ fedpkg clone -B -a openstack-neutron

$ cd openstack-neutron/master

Edit neutron-sudoers file to reflect
 
 neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *

$ git diff 
diff --git a/neutron-sudoers b/neutron-sudoers
index 3786ada..b5448c8 100644
--- a/neutron-sudoers
+++ b/neutron-sudoers
@@ -1,3 +1,3 @@
 Defaults:neutron !requiretty
 
-neutron ALL = (root) NOPASSWD: SETENV: /usr/bin/neutron-rootwrap
+neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
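
Review bot: the `+` rule drops the `SETENV:` tag in the same line that pins `/etc/neutron/rootwrap.conf`, and neither the diff nor the surrounding comment says whether any neutron agent depends on passing environment variables through sudo; please confirm none does and record both changes in the package changelog. The trailing `*` still accepts any arguments after the config path, so the sudoers rule itself places no limit on the command handed to rootwrap; a comment above the rule noting that `/etc/neutron/rootwrap.conf` must stay writable only by root would help the next packager.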

Comment 2 Terry Wilson 2013-12-13 19:54:07 UTC
*** Bug 1039774 has been marked as a duplicate of this bug. ***

Comment 9 Ofer Blaut 2014-01-19 14:10:32 UTC
Tested 

openstack-neutron-2013.2.1-4.el6ost.noarch



[root@puma05 ~(keystone_admin)]# tail -1 /etc/sudoers.d/neutron 
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
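
A check for the two differences between the broken and fixed sudoers lines above (the `SETENV:` tag and the missing config path), as an added example that is not part of the bug report or of the neutron package. The function name `audit_sudoers` and the `cinder` sample line are constructed for illustration; the other sample lines are the ones quoted on this page, and the parser assumes one rule per line with no aliases or line continuations.

```python
import re

# A sudoers user spec whose command is a *-rootwrap binary.
# "tags" captures NOPASSWD:/SETENV:, "args" is whatever follows the binary.
RULE = re.compile(
    r"^\s*(?P<user>\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"
    r"(?P<cmd>/\S*-rootwrap)(?=\s|$)(?P<args>.*)$"
)

def audit_sudoers(text):
    """Return (line_number, user, problem) tuples for weak rootwrap rules."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment or include directive
        m = RULE.match(line)
        if not m:
            continue  # Defaults lines and rules for other commands
        if "SETENV:" in m.group("tags"):
            findings.append((lineno, m.group("user"), "SETENV tag set"))
        args = m.group("args").split()
        # The fixed rule names one absolute, wildcard-free config path first.
        pinned = (bool(args) and args[0].startswith("/")
                  and not set("*?[") & set(args[0]))
        if not pinned:
            findings.append((lineno, m.group("user"), "config file not pinned"))
    return findings

# Sample input: lines 1-4 are quoted on this page, line 5 is constructed.
SAMPLE = """\
Defaults:neutron !requiretty
quantum ALL = (root) NOPASSWD: SETENV: /usr/bin/quantum-rootwrap
nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap *
"""

if __name__ == "__main__":
    for lineno, user, problem in audit_sudoers(SAMPLE):
        print(f"line {lineno}: {user}: {problem}")
```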

Comment 11 errata-xmlrpc 2014-01-22 18:32:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0091.html

