Ask Your Question

Revision history [back]

My Neutron policy.json file contains this line:

"update_port:mac_address": "rule:admin_only or rule:context_is_advsvc"

This means that one has to be admin to change the MAC address, or have the advsvc role (that's what the second rule boils down to).

Your options are:

  • become admin, then change the MAC address
  • add the advsvc role to your non-admin user, then try again
  • remove the two rules from the policy, so that it looks like this: "update_port:mac_address": "", then try again

I am not sure what's the rationale for not allowing normal users to change the MAC address. Perhaps changing the MAC could cause repercussions not only for other users/projects, but also for the network infrastructure such as forwarding tables, caches etc on physical network devices.