rootwrap needs to be extensible
Bug #954375 reported by
Andrew Bogott
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Fix Released
|
Wishlist
|
Thierry Carrez | ||
Bug Description
Many Nova features allow drop-in drivers, and many of these drivers depend on tools that are not in the default set of tools wrapped by rootwrap.
So, we need a way for either
a) A driver to specific an additional tool for rootwrap to support, or
b) A way to specify additional rootwrap-supported tools as a config option.
Revision history for this message
| Thierry Carrez (ttx) wrote | #1 |
| Changed in nova: | |
| importance: | Undecided → Wishlist |
| status: | New → Confirmed |
| tags: | added: rootwrap |
Revision history for this message
| Thierry Carrez (ttx) wrote | #2 |
| Changed in nova: | |
| milestone: | none → folsom-2 |
| status: | Confirmed → Fix Committed |
| assignee: | nobody → Thierry Carrez (ttx) |
| Changed in nova: | |
| status: | Fix Committed → Fix Released |
| Changed in nova: | |
| milestone: | folsom-2 → 2012.2 |
To post a comment you must log in.
I understand the need. It's a bit tricky to get the security model for this right, though.
The current model is to allow sudo to run "/usr/bin/
Alternatively we could allow sudo to run "/usr/bin/
I'll add this to my Folsom improvements list.