[openstack-dev] [nova][cinder][neutron][security] Rootwrap on root-intensive nodes
Jeremy Stanley
fungi at yuggoth.org
Wed Feb 4 16:50:24 UTC 2015
On 2015-02-04 18:38:16 +0200 (+0200), Duncan Thomas wrote:
> If I'm reading that correctly, it does not help with the filtering issues at
> all, since it needs exactly the same kind of filter. Daniel explained the
> concept far better than I.
I didn't mean to imply that it does, merely that it fits your rather
terse description of a "daemon that runs as root, accepting commands
over a unix domain socket or similar."
--
Jeremy Stanley
More information about the OpenStack-dev
mailing list