Open Stack

On Thu, Nov 29, 2012 at 8:35 AM, Russell Bryant <rbryant at redhat.com> wrote:
> On 11/28/2012 02:15 PM, John Griffith wrote:
>> Talking to Eric H and folks in the Cinder meeting this morning I think
>> we all agreed on this, so long as there's no objections here from the
>> broader ML?  The only question that remains is dealing with the
>> root-access requirement by Cinder for rtslib.  Not sure about changes to
>> the lib to fix this, or the possibility of a wrapper etc. or maybe it's
>> not a major concern?
>
> The problem with it is that from a general security perspective, having
> a network facing daemon running as root is not ideal (direct use of
> rtslib).  Having a utility we execute via rootwrap is a little better
> (targetcli if designed for interactive use, or our own rtslib wrapper).
>  Having a privileged daemon we talk to is even better (targetd).

Isn't that one of the characteristics of quick-and-dirty: that it
won't be as good as something slower and cleaner? I guess I would ask
'how low the bar can be', and if q&d is too low in this case, just aim
straight at targetd.

-Rob

-- 
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Cloud Services