From ffc1b76f64341e18b5a6e60783f1e33297623f99 Mon Sep 17 00:00:00 2001
From: yatinkarel <ykarel@redhat.com>
Date: Mon, 28 Aug 2023 10:52:26 +0530
Subject: [PATCH] [neutron] Rely on PATH env set by devstack

This was missed as part of [1], neutron sets
exec_dirs in rootwrap.conf differently so that
also needs to be fixed.

Without it neutron openvswitch jobs relying on
neutron-keepalived-state-change scripts were
failing when deployed with GLOBAL_VENV=True as
binaries no longer found at /usr/local/bin.

[1] https://review.opendev.org/c/openstack/devstack/+/558930

Closes-Bug: #2031415
Change-Id: I9aa56bff02594f253381ffe47a70949079f4c240
---
 lib/neutron | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/neutron b/lib/neutron
index a6de7222db..e90ada8929 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -1075,7 +1075,10 @@ function _neutron_setup_rootwrap {
         sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
     fi
     sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
-    sudo sed -e 's:^exec_dirs=\(.*\)$:exec_dirs=\1,/usr/local/bin:' -i $Q_RR_CONF_FILE
+    # Rely on $PATH set by devstack to determine what is safe to execute
+    # by rootwrap rather than use explicit whitelist of paths in
+    # rootwrap.conf
+    sudo sed -e 's/^exec_dirs=.*/#&/' -i $Q_RR_CONF_FILE
 
     # Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
     ROOTWRAP_SUDOER_CMD="$NEUTRON_ROOTWRAP $Q_RR_CONF_FILE *"