Scrubbing the Nova PTG agenda (hence added [ptg] subject tag), and this is currently on it.
1- introduce privsep
2- change rootwrap calls into generic privsep functions
3- start refactoring calling code so that generic privsep functions can be replaced by narrow, context-aware functions
Based on the discussion in this thread, it sounds to me like nobody disagrees about what should be done; it's going to be a matter of getting mikal's series (2 above, [A] below) finished up and then finding one or more bodies to throw at the next step (3 above). Can I ask someone (perhaps Mr. Booth?) to file a blueprint to track this? Is there any part of 3 that we expect to be able to start/finish in Train? And other than that, is there anything further to discuss, or can we strike this from the PTG agenda?
[A] https://review.openstack.org/#/q/topic:my-own-personal-alternative-universe+...)

[B] Note that that series has been in flight for quite a while. The patch that actually removes rootwrap (https://review.openstack.org/#/c/554438/) was first proposed right about a year ago. I'm hoping this email thread gets the series some more review attention.
Thanks,
efried