Tony Breeds <t...@bakeyournoodle.com> wrote:
On Tue, Nov 01, 2016 at 12:45:43PM +0100, Ihar Hrachyshka wrote:
I suggested in the bug and the PoC review that neutron is not the right
project to solve the issue. Seems like oslo.rootwrap is a better place to
maintain privilege management code for OpenStack. Ideally, a solution
would
be found in scope of the library that would not require any changes
per-project.
With the change of direction from oslo.roowrap to oslo.provsep I doubt that
there is scope to land this in oslo.rootwarp.
It may take a while for projects to switch to caps for privilege
separation. It may be easier to unblock xen folks with a small enhancement
in oslo.rootwrap scope and handle transition to oslo.privsep on a separate
schedule. I would like to hear from oslo folks on where alternative
hypervisors fit in their rootwrap/privsep plans.
Ihar
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
