akanda

akanda-rug does not have a root helper

Bug #1452862 reported by Adam Gandelman on 2015-05-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	akanda	New	Medium	Unassigned

Bug Description

Our default config sets root_helper to 'sudo', meaning the rug service has wide open sudo access. While its not the best, the rootwrap approach is the standard way of providing finer grained sudo access to openstack service daemons. Lets implement it in the rug and have a default rootwrap filters that allows only the commands the RUG needs. This'll require a quick audit of current sudo usage to figure out what we need to allow.

Tags:

Sean Roberts (sarob) on 2015-05-09

Changed in akanda:
milestone:	none → 2015.1.0
tags:	added: akanda-rug

Sean Roberts (sarob) on 2015-05-11

Changed in akanda:
importance:	Undecided → Medium

Revision history for this message

Adam Gandelman (gandelman-a) wrote on 2015-05-14:

This can piggyback on migration to oslo.concurrency and using process_utils for command execution.

Sean Roberts (sarob) on 2015-05-16

Changed in akanda:
milestone:	2015.1.0 → none

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.