[openstack-dev] [tripleo] removing sudoers.d rules from disk-image-builder

Clint Byrum clint at fewbar.com
Tue Jul 23 16:39:35 UTC 2013


Excerpts from Robert Collins's message of 2013-07-23 02:52:11 -0700:
> We have a bunch of sudo rules in disk-image-builder. They are there
> primarily so we could have passwordless sudo on jenkins boxes, but
> working with the infra team now, it looks like we'd run on
> devstack-gate nodes, not on jenkins directly, so they aren't needed
> for that.
> 
> They don't add appreciable security for end users as they are
> trivially bypassed with link attacks.
> 
> And for distributors they are not something you want to install from a package.
> 
> The only thing they *do* do is permit long-running builds to run
> unattended by users without reprompting for sudo; but this isn't an
> issue for most users, as we download the bulk of data before hitting
> the first sudo call.
> 
> So I'd like to change things to say:
>  - either run sudo disk-image-create or
>  - set up passwordless sudo or
>  - don't run unattended.
> 
> and delete the sudoers.d rules as being a distraction, one we no longer need.
> 
> Opinions?

Keeping it simple seems more useful in keeping diskimage-builder users
secure than specifying everything. Perhaps a user who wants to chase
higher security will do so using SELinux or AppArmor. +1 for the plan.


