Thanks toni. Could u help add those instructions into doc? And we might need provide some tool to enable those CAP_NET_ADMIN cap in the startup scripts.
On Tue, Jan 26, 2016 at 4:29 PM, Antoni Segura Puimedon < toni+openstac...@midokura.com> wrote: > On Tue, Jan 26, 2016 at 8:13 AM, Baohua Yang <yangbao...@gmail.com> wrote: > > Hi hua > > Thanks for the suggestion! > > Yes, root wrap is also a good candidate. > > We will compare to choose the proper solution. > > Thanks! > > > > On Tue, Jan 26, 2016 at 1:59 PM, 王华 <wanghua.hum...@gmail.com> wrote: > >> > >> Hi Baohua, > >> > >> I think https://wiki.openstack.org/wiki/Rootwrap can solve this > problem. > >> It is used in other OpenStack projects like Nova, Neutron. > >> > >> Regards, > >> Wanghua > >> > >> On Tue, Jan 26, 2016 at 1:07 PM, Baohua Yang <yangbao...@gmail.com> > wrote: > >>> > >>> Hi toni > >>> > >>> Recently we found some issue when starting kuryr service without root > >>> privilege [1]. > >>> > >>> Tfukushima mentioned that you have some suggestion on using capacity to > >>> solve this? > > I do. I have a C launcher that allows Kuryr to run with CAP_NET_ADMIN so > that > any user can run it. My idea was to put it in contrib and then let the > distros decide > if they want to run kuryr as root or use the launcher in their packaging > systemd > service files. > > >>> > >>> We currently make a temp workaround by suggesting using sudo to start > the > >>> service [2]. > >>> > >>> Any advice? > >>> > >>> Thanks! > >>> > >>> [1] https://bugs.launchpad.net/kuryr/+bug/1516539. > >>> [2] https://review.openstack.org/#/c/272370 > >>> > >>> -- > >>> Best wishes! > >>> Baohua > >>> > >>> > >>> > __________________________________________________________________________ > >>> OpenStack Development Mailing List (not for usage questions) > >>> Unsubscribe: > >>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >>> > >> > >> > >> > __________________________________________________________________________ > >> OpenStack Development Mailing List (not for usage questions) > >> Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> > > > > > > > > -- > > Best wishes! > > Baohua > > > > > __________________________________________________________________________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Best wishes! Baohua
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
