[openstack-dev] [neutron][rootwrap] Performance considerations, sudo?

Thierry Carrez thierry at openstack.org
Mon Mar 17 14:04:08 UTC 2014


Yuriy Taraday wrote:
> Another option would be to allow rootwrap to run in daemon mode and
> provide RPC interface. This way Neutron can spawn rootwrap (with its
> CPython startup overhead) once and send new commands to be run later
> over UNIX socket.
> This way we won't need learn new language (C/C++), adopt new toolchain
> (RPython, Cython, whatever else) and still get secure way to run
> commands with root priviledges.

Note that the whole concept behind rootwrap is to limit the amount of
code that runs with elevated privileges. If you end up running a full
service as root which imports as many libraries as the rest of OpenStack
services, then you should seriously consider switching to running your
root-heavy service as root directly, because it won't make that much of
a difference.

I'm not closing the door to a persistent implementation... Just saying
that in order to be useful, it needs to be as minimal as possible (both
in amount of code written and code imported) and as simple as possible
(so that its security model can be easily proven safe).

-- 
Thierry Carrez (ttx)



More information about the OpenStack-dev mailing list