Bug 1039774 - Neutron rootwrap does not follow packaging guidelines
Keywords:
Status: CLOSED DUPLICATE of bug 1039528
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 4.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: async
Target Release: 4.0
Assignee: RHOS Maint
QA Contact: Ofer Blaut
URL:
Whiteboard:
Depends On: 984097
Blocks: 1039528 1129685
Reported: 2013-12-10 00:20 UTC by Terry Wilson
Modified: 2016-11-18 15:45 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 984097
Environment:
Last Closed: 2013-12-13 19:54:07 UTC
Target Upstream Version:



Description Terry Wilson 2013-12-10 00:20:27 UTC
+++ This bug was initially created as a clone of Bug #984097 +++

Description of problem:

This file is wrong and makes quantum rootwrap ineffective:

# tail -1 /etc/sudoers.d/quantum 
quantum ALL = (root) NOPASSWD: SETENV: /usr/bin/quantum-rootwrap


It should be similar to nova and cinder and specify parameters, i.e.:

# tail -1 /etc/sudoers.d/nova 
nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *



See https://wiki.openstack.org/wiki/Packager/Rootwrap


Version-Release number of selected component (if applicable):

# rpm -qf /etc/sudoers.d/quantum
openstack-quantum-2013.1.2-1.el6.noarch

# cat /etc/centos-release 
CentOS release 6.4 (Final)

--- Additional comment from Kashyap Chamarthy on 2013-12-09 05:46:43 EST ---

Can any Neutron folks confirm if the below fix is appropriate:

$ fedpkg clone -B -a openstack-neutron

$ cd openstack-neutron/master

Edit neutron-sudoers file to reflect
 
 neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *

$ git diff 
diff --git a/neutron-sudoers b/neutron-sudoers
index 3786ada..b5448c8 100644
--- a/neutron-sudoers
+++ b/neutron-sudoers
@@ -1,3 +1,3 @@
 Defaults:neutron !requiretty
 
-neutron ALL = (root) NOPASSWD: SETENV: /usr/bin/neutron-rootwrap
+neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
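
Review bot: On the added line, pinning /etc/neutron/rootwrap.conf only restricts the neutron user if that user cannot modify the file or the filter definitions it refers to; please confirm the package installs them owned by root and not writable by neutron. The trailing "*" still accepts any arguments after the config path, so the rootwrap filters remain the only limit on which commands run as root, and that is worth a comment in neutron-sudoers.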

--- Additional comment from Terry Wilson on 2013-12-09 19:19:13 EST ---

The correct fix is as you suspected:

-neutron ALL = (root) NOPASSWD: SETENV: /usr/bin/neutron-rootwrap
+neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
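
Review bot: The added line drops the "SETENV:" tag in the same change that adds the config path, and nothing here says whether any caller relied on passing environment variables through sudo; please note that in the commit message. Also confirm that every caller invokes sudo with exactly "/usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" as the leading arguments, since any other form no longer matches this rule.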

I've fixed this locally and tested it. Build coming soon.

Comment 1 Terry Wilson 2013-12-13 19:54:07 UTC

*** This bug has been marked as a duplicate of bug 1039528 ***
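
As an added example (not part of the original report or of the neutron packaging), the check below audits sudoers rules for the problem reported here: a rootwrap command with no pinned config file, or one carrying SETENV. The function names are hypothetical, the sample rules are the ones quoted in this report, and the parser assumes single-line user specs of that shape.

```python
import re

# A sudoers user spec whose command is a *-rootwrap binary, e.g.
#   neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
RULE = re.compile(
    r"^\s*(?P<user>[\w-]+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"
    r"(?P<cmd>/\S*-rootwrap)(?=\s|$)(?P<args>.*)$"
)

def audit_rootwrap_rule(line):
    """Return findings for one sudoers line; [] if it is fine or not a rootwrap rule."""
    if line.lstrip().startswith("#"):
        return []
    m = RULE.match(line.rstrip())
    if not m:
        return []
    findings = []
    tags = [t.strip() for t in m.group("tags").split(":") if t.strip()]
    if "SETENV" in tags:
        findings.append("SETENV: caller controls the environment of the root process")
    args = m.group("args").split()
    if not args:
        # With no arguments in the rule, sudo accepts any arguments at all.
        findings.append("no arguments: caller may pass any rootwrap config file")
    elif not args[0].startswith("/") or re.search(r"[*?\[]", args[0]):
        findings.append("config path is not a fixed absolute path: " + args[0])
    return findings

def audit_sudoers(text):
    """Map each offending rule (stripped) to its list of findings."""
    report = {}
    for line in text.splitlines():
        found = audit_rootwrap_rule(line)
        if found:
            report[line.strip()] = found
    return report

# Rules quoted in this report: the two flagged forms and the two pinned forms.
SAMPLE = """\
Defaults:neutron !requiretty
quantum ALL = (root) NOPASSWD: SETENV: /usr/bin/quantum-rootwrap
neutron ALL = (root) NOPASSWD: SETENV: /usr/bin/neutron-rootwrap
nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
"""

if __name__ == "__main__":
    for rule, findings in audit_sudoers(SAMPLE).items():
        print(rule)
        for finding in findings:
            print("   -", finding)
```

The check reads only the sudoers text; ownership and permissions of the pinned rootwrap.conf and its filter files have to be verified separately.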

