diff --git a/neutron/agent/common/ovs_lib.py b/neutron/agent/common/ovs_lib.py index 92966323fc0..a1265c5a442 100644 --- a/neutron/agent/common/ovs_lib.py +++ b/neutron/agent/common/ovs_lib.py @@ -373,7 +373,8 @@ class OVSBridge(BaseOVS): for i in range(1, 11): try: return utils.execute(full_args, run_as_root=True, - process_input=process_input) + process_input=process_input, + privsep_exec=True) except Exception as e: if "failed to connect to socket" in str(e): LOG.debug("Failed to connect to OVS. Retrying " diff --git a/neutron/cmd/sanity/checks.py b/neutron/cmd/sanity/checks.py index 4aeb5dd2f23..0e01c21b459 100644 --- a/neutron/cmd/sanity/checks.py +++ b/neutron/cmd/sanity/checks.py @@ -113,7 +113,8 @@ def ofctl_arg_supported(cmd, **kwargs): ovs_lib._build_flow_expr_str(kwargs, cmd.split('-')[0], False)] try: - agent_utils.execute(full_args, run_as_root=True) + agent_utils.execute(full_args, run_as_root=True, + privsep_exec=True) except RuntimeError as e: LOG.debug("Exception while checking supported feature via " "command %s. Exception: %s", full_args, e) diff --git a/neutron/tests/unit/agent/common/test_ovs_lib.py b/neutron/tests/unit/agent/common/test_ovs_lib.py index 3d889efadb6..ef9b1b78929 100644 --- a/neutron/tests/unit/agent/common/test_ovs_lib.py +++ b/neutron/tests/unit/agent/common/test_ovs_lib.py @@ -200,12 +200,12 @@ class OVS_Lib_Test(base.BaseTestCase): def _ofctl_mock(self, cmd, *args, **kwargs): cmd = self._ofctl_args(cmd, *args) - return mock.call(cmd, run_as_root=True, **kwargs) + return mock.call(cmd, run_as_root=True, privsep_exec=True, **kwargs) def _verify_ofctl_mock(self, cmd, *args, **kwargs): cmd = self._ofctl_args(cmd, *args) - return self.execute.assert_called_once_with(cmd, run_as_root=True, - **kwargs) + return self.execute.assert_called_once_with( + cmd, run_as_root=True, privsep_exec=True, **kwargs) def test_add_flow_timeout_set(self): flow_dict = collections.OrderedDict([ 
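Review bot: The `utils.execute` call inside the retry loop now passes `privsep_exec=True` alongside `run_as_root=True`, and nothing at the call site records the change of privilege boundary this implies. The flag presumably routes ovs-ofctl through the privsep daemon instead of the rootwrap command filters; if so, the filter allowlist no longer constrains this command, and `full_args` and `process_input` must come only from agent-controlled values. I would say so in a comment above the call, e.g. `# Executed via privsep, not the rootwrap filters: full_args must not carry untrusted input`, and confirm that the privsep context behind this path holds only the capabilities ovs-ofctl needs. The same applies to the `agent_utils.execute` call in neutron/cmd/sanity/checks.py. The enclosing method starts and ends outside the hunk.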
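Review bot: In neutron/cmd/sanity/checks.py the handler after the changed `agent_utils.execute` call still catches only `RuntimeError`, and the hunk does not show that the privsep path reports every failure as that type. If a missing ovs-ofctl binary or a privsep daemon error surfaces as, say, `OSError`, the sanity check would raise instead of logging the failure; worth verifying, and widening the clause to `except (OSError, RuntimeError) as e:` if that is the case. The retry in ovs_lib.py has an analogous dependency, since it matches `"failed to connect to socket"` in `str(e)` and so needs the stderr text to reach the exception message under privsep. `ofctl_arg_supported` continues outside the hunk.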
diff --git a/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py b/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
index 5bdfe1f0677..7791dfa28ae 100644
--- a/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
+++ b/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
@@ -1168,7 +1168,7 @@ class TestCookieContext(base.BaseTestCase):
 mock.ANY,
 process_input='hard_timeout=0,idle_timeout=0,priority=1,'
 'cookie=%d,actions=drop' % cookie,
- run_as_root=mock.ANY,
+ run_as_root=True, privsep_exec=True
 ) for cookie in (update_cookie, default_cookie)
 ]