[openstack-dev] [neutron][rootwrap] Performance considerations, sudo?

IWAMOTO Toshihiro iwamoto at valinux.co.jp
Mon Mar 17 09:01:42 UTC 2014


At Thu, 13 Mar 2014 07:48:53 -0700,
Aaron Rosen wrote:
> 
> The easiest/quickest thing to do for Icehouse would probably be to run the
> initial sync in parallel like the dhcp-agent does for this exact reason.
> See: https://review.openstack.org/#/c/28914/ which did this for the
> dhcp-agent.
> 
> Best,
> 
> Aaron
> On Thu, Mar 13, 2014 at 12:18 PM, Miguel Angel Ajo <majopela at redhat.com> wrote:
> >
> > Yuri, could you elaborate on your idea in detail? I'm lost at some
> > points with your unix domain / token authentication.
> >
> > Where does the token come from?
> >
> > Who starts rootwrap the first time?
> >
> > If you could write a full interaction sequence, on the etherpad, from
> > rootwrap daemon start to a simple call to system happening, I think that'd
> > help my understanding.
> 
> 
> Here it is: https://etherpad.openstack.org/p/rootwrap-agent
> Please take a look.

I've added a couple of security-related comments (pickle decoding and
token leak) on the etherpad.
Please check.

--
IWAMOTO Toshihiro



