[nova][ptg] Privsep is not giving us any security
openstack at fried.cc
Thu Apr 18 19:56:03 UTC 2019
Scrubbing the Nova PTG agenda (hence added [ptg] subject tag), and this
is currently on it.
>> 1- introduce privsep
>> 2- change rootwrap calls into generic privsep functions
>> 3- start refactoring calling code so that generic privsep functions can
>> be replaced by narrow, context-aware functions
Based on the discussion in this thread, it sounds to me like nobody
disagrees about what should be done; it's going to be a matter of
getting mikal's series (2 above, [A] below) finished up and then finding
one or more bodies to throw at the next step (3 above).
Can I ask someone (perhaps Mr. Booth?) to file a blueprint to track this?
Is there any part of 3 that we expect to be able to start/finish in Train?
And other than that, is there anything further to discuss, or can we
strike this from the PTG agenda?
> [B] Note that that series has been in flight for quite a while. The
> patch that actually removes rootwrap
> (https://review.openstack.org/#/c/554438/) was first proposed right
> about a year ago. I'm hoping this email thread gets the series some more
> review attention.