Re: [Netstack] bug 948467 - agent root_helper

2012-03-14 Thread Robert Kukura
On 03/13/2012 05:37 PM, Robert Kukura wrote: > On 03/13/2012 02:33 PM, Dan Wendlandt wrote: >> >> >> On Tue, Mar 13, 2012 at 11:28 AM, Robert Kukura > > wrote: >> >> On 03/13/2012 02:17 PM, Dan Wendlandt wrote: > [...] >> > >> > At this point, perhaps an RFC p

Re: [Netstack] bug 948467 - agent root_helper

2012-03-13 Thread Robert Kukura
On 03/13/2012 02:33 PM, Dan Wendlandt wrote: > > > On Tue, Mar 13, 2012 at 11:28 AM, Robert Kukura > wrote: > > On 03/13/2012 02:17 PM, Dan Wendlandt wrote: [...] > > > > At this point, perhaps an RFC patch would be best, so we can discuss > > concrete

Re: [Netstack] bug 948467 - agent root_helper

2012-03-13 Thread Dan Wendlandt
On Tue, Mar 13, 2012 at 11:28 AM, Robert Kukura wrote: > On 03/13/2012 02:17 PM, Dan Wendlandt wrote: > > moving mark and jay to BCC, as I added them mainly for the comments > > about openstack-common. > > > > On Tue, Mar 13, 2012 at 10:52 AM, Robert Kukura > > wrote:

Re: [Netstack] bug 948467 - agent root_helper

2012-03-13 Thread Robert Kukura
On 03/13/2012 02:17 PM, Dan Wendlandt wrote: > moving mark and jay to BCC, as I added them mainly for the comments > about openstack-common. > > On Tue, Mar 13, 2012 at 10:52 AM, Robert Kukura > wrote: > > > > > > My only concerns here are really around tryin

Re: [Netstack] bug 948467 - agent root_helper

2012-03-13 Thread Dan Wendlandt
moving mark and jay to BCC, as I added them mainly for the comments about openstack-common. On Tue, Mar 13, 2012 at 10:52 AM, Robert Kukura wrote: > > > > > > My only concerns here are really around trying to adding the rootwrap > > capability right before we release our RC (target is tomorrow, >

Re: [Netstack] bug 948467 - agent root_helper

2012-03-13 Thread Robert Kukura
On 03/13/2012 01:38 PM, Dan Wendlandt wrote: > Hi Bob, > > I think this email highlights a general issue around need a general > library of common code for agents, since many of them will benefit from > things like root-wrap, common logging code, etc. This is something I'd > like to push for in F

Re: [Netstack] bug 948467 - agent root_helper

2012-03-13 Thread Dan Wendlandt
Hi Bob, I think this email highlights a general issue around need a general library of common code for agents, since many of them will benefit from things like root-wrap, common logging code, etc. This is something I'd like to push for in Folsom (particularly in the scope of openstack-common), so

Re: [Netstack] bug 948467 - agent root_helper

2012-03-13 Thread Sumit Naiksatam (snaiksat)
Hi Bob, Thanks for taking this up. Responses inline. ~Sumit. > -Original Message- > From: Robert Kukura [mailto:rkuk...@redhat.com] > Sent: Tuesday, March 13, 2012 9:40 AM > To: Sumit Naiksatam (snaiksat); Dan Wendlandt; Brad Hall; > netstack@lists.launchpad.net > Cc: Christopher Wright >

[Netstack] bug 948467 - agent root_helper

2012-03-13 Thread Robert Kukura
I intend to submit a patch today for RC1 so that the linuxbridge and openvswitch agents will no longer need to run as root. Instead, they will read a root_helper config variable and prepend that to the commands they execute, as nova does when it executes commands for which run_as_root is specified