[openstack-dev] Python overhead for rootwrap

Jay Buffington me at jaybuff.com
Tue Aug 6 17:15:56 UTC 2013


> Personally I'm of the opinion that from an architectural POV, use of
> either rootwrap or sudo is a bad solution, so arguing about which is
> better is really missing the bigger picture. In Linux, there has been
> a move away from use of sudo or similar approaches, towards the idea
> of having privileged separated services. So if you wanted todo stuff
> related to storage, you'd have some small daemon running privilegd,
> which exposed APIs over DBus, which the non-privileged thing would
> call to make storage changes. Operations exposed by the service would
> have access control configured via something like PolicyKit, and/or
> SELinux/AppArmour.
>

The more I think about this problem the more I'm convinced that rootwrap
simply exists to work around a fundamental design flaw in most (all?) of
the components: a single, threaded, process with poor job/workflow
mnemonics.

If the architecture was such that every operation was a task which could
be carried out by any process (even a process running on a different host)
and each process publishes job types that it can do, then you could do
proper isolation for just those processes that need to do privileged tasks.

https://wiki.openstack.org/wiki/TaskFlow looks to be headed in the right
direction, but I worry it's got a very long road ahead.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130806/368d316a/attachment.html>


More information about the OpenStack-dev mailing list