2013/12/9 Kurt Griffiths <kurt.griffiths at rackspace.com> > This list of features makes me *very* nervous from a security > standpoint. Are we talking about giving an agent an arbitrary shell command > or file to install, and it goes and does that, or are we simply triggering > a preconfigured action (at the time the agent itself was installed)? > > I believe the agent must execute only a set of preconfigured actions exactly due to security reasons. It should be up to the using project (Savanna/Trove) to decide which actions must be exposed by the agent. > From: Steven Dake <sdake at redhat.com> > Reply-To: OpenStack Dev <openstack-dev at lists.openstack.org> > Date: Monday, December 9, 2013 at 11:41 AM > To: OpenStack Dev <openstack-dev at lists.openstack.org> > > Subject: Re: [openstack-dev] Unified Guest Agent proposal > > In terms of features: > * run shell commands > * install files (with selinux properties as well) > * create users and groups (with selinux properties as well) > * install packages via yum, apt-get, rpm, pypi > * start and enable system services for systemd or sysvinit > * Install and unpack source tarballs > * run scripts > * Allow grouping, selection, and ordering of all of the above operations > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131209/485188fc/attachment.html>