Open Stack

On 11/28/2012 02:15 PM, John Griffith wrote:
> Talking to Eric H and folks in the Cinder meeting this morning I think
> we all agreed on this, so long as there's no objections here from the
> broader ML?  The only question that remains is dealing with the
> root-access requirement by Cinder for rtslib.  Not sure about changes to
> the lib to fix this, or the possibility of a wrapper etc. or maybe it's
> not a major concern?

The problem with it is that from a general security perspective, having
a network facing daemon running as root is not ideal (direct use of
rtslib).  Having a utility we execute via rootwrap is a little better
(targetcli if designed for interactive use, or our own rtslib wrapper).
 Having a privileged daemon we talk to is even better (targetd).

-- 
Russell Bryant