On 2015-02-04 13:40:29 +0200 (+0200), Duncan Thomas wrote: > 4) Write a small daemon that runs as root, accepting commands over > a unix domain socket or similar. Easier to audit, less code > running as root. http://git.openstack.org/cgit/openstack/oslo.rootwrap/tree/oslo_rootwrap/daemon.py -- Jeremy Stanley