I commented on the patch, but this exists because /var/run/netns can be secured on any OS. We need to work in these secure environments as well.
** Changed in: neutron Status: New => Opinion -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1500528 Title: Deprecate config option 'use_helper_for_ns_read' Status in neutron: Opinion Bug description: The config option 'cfg.CONF.AGENT.use_helper_for_ns_read' defaults to "True" as seen here: cfg.BoolOpt('use_helper_for_ns_read', default=True, help=_('Use the root helper to read the namespaces from ' 'the operating system.')), There are two places in neutron.agent.linux.ip_lib where the list of namespaces are retrieved: class IPWrapper(SubProcessBase): def get_namespaces(cls): output = cls._execute([], 'netns', ('list',)) return [l.strip() for l in output.split('\n')] and class IpNetnsCommand(IpCommandBase): def exists(self, name): output = self._parent._execute( ['o'], 'netns', ['list'], run_as_root=cfg.CONF.AGENT.use_helper_for_ns_read) for line in output.split('\n'): if name == line.strip(): return True return False Both methods are calling "ip netns list", but only one is actually using the configuration option. Both of these methods are called through out the code. The configuration option is not necessary in the first case therefore it should be removed. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1500528/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp