[openstack-dev] [grenade] upgrades vs rootwrap

Sean McGinnis sean.mcginnis at gmx.com
Mon Jul 4 12:36:45 UTC 2016


On Mon, Jul 04, 2016 at 01:59:09PM +0200, Thierry Carrez wrote:
[...]
> The issue here is that oslo.rootwrap uses config files to determine
> what to allow, but those are not really configuration files as far
> as the application using them is concerned. Those must match the
> code being executed.
> 
> So from Grenade perspective, those should really not be considered
> configuration files, but application files.
[...]

+1

I have to agree with this perspective. They are config files, but they
are a special type of config file that is closely tied in to the code. I
think we should treat them as application files.

I say we allow these changes for grenade and move forward on this. I
think we all agree we want to move to privsep. As long as we document
this very clearly that these changes need to be made for upgrades, I'm
OK with that.

I would really like to be able to decided on this and move forward. I'm
afraid sticking with rootwrap for another cycle with just confuse things
and compound our issues.

Sean




More information about the OpenStack-dev mailing list