Eric Windisch wrote:
>> What implementation suboption would have your preference ? Is
>> nova-rootwrap now universally used ? Should we prefer compatibility or
>> absence of confusion ?
>
> There is an issue of how to extend rootwrap from third-party backend
> drivers. If this was (is?) addressed,
>
>
>
> What implementation suboption would have your preference ? Is
> nova-rootwrap now universally used ? Should we prefer compatibility or
> absence of confusion ?
There is an issue of how to extend rootwrap from third-party backend drivers.
If this was (is?) addressed, universal use of ro
Eric Windisch wrote:
> On Tuesday, June 5, 2012 at 19:18 PM, Joshua Harlow wrote:
>
>> Why couldn’t nova just escalate Python's privileges to the super user
>> when writing a file (thus allowing it to use python file writing
>> functions and such).
>
> Because we use Eventlet. os.setuid applies to
On Tuesday, June 5, 2012 at 20:44 PM, Joshua Harlow wrote:
> Re: [Openstack] Question on nova disk injection... Interesting, darn, that
> sorta makes it harder than it seems like it should be.
>
> Is there any pattern that we can follow for this that other programs use, do
Yun,
The setuid bit is unnecessary; Python can be launched by the root user. It
would then drop privileges. For instance, the sshd daemon does not require a
setuid bit; it is simply executed by root. It uses privilege separation and
does the set(e)uid for users that log in through it.
Having a
Python is a scripting language. To get setuid to work, you usually have
to give the setuid permission to /usr/bin/python, which is a big no-no.
One workaround is to have a customized compiled program (e.g. from
C), which takes a python file as input, does all kinds of sanity checks,
and switch to root u
pport something like this (or
be modified to?). Anyone else know other ways of doing this that might be
useful? The suggestions that involve RPC being one way.
On 6/5/12 5:35 PM, "Eric Windisch" wrote:
On Tuesday, June 5, 2012 at 19:18 PM, Joshua Harlow wrote:
Re: [Openstack] Q
On Tuesday, June 5, 2012 at 19:18 PM, Joshua Harlow wrote:
> Re: [Openstack] Question on nova disk injection... Why couldn’t nova just
> escalate Python's privileges to the super user when writing a file (thus
> allowing it to use python file writing functions and such).
Becau
Why couldn't nova just escalate Python's privileges to the super user when
writing a file (thus allowing it to use python file writing functions and such).
Then after it writes it could drop it back down to some other user?
That might make sense, idk, instead of having the disk injection act l
On 06/05/2012 05:42 PM, Joshua Harlow wrote:
> Hi all,
>
> Just some questions that I had about how nova is doing disk injection
> and such.
>
> I was noticing that the main disk/api.py does a lot of tee, cat and
> similar commands. Is there any reason it couldn’t just use the standard
> pytho