[openstack-dev] [nova] Initial oslo.privsep conversion?
tony at bakeyournoodle.com
Thu Jun 9 23:51:03 UTC 2016
On Fri, Jun 10, 2016 at 08:24:34AM +1000, Michael Still wrote:
> On Fri, Jun 10, 2016 at 7:18 AM, Tony Breeds <tony at bakeyournoodle.com>
> > On Wed, Jun 08, 2016 at 08:10:47PM -0500, Matt Riedemann wrote:
> > > Agreed, but it's the worked example part that we don't have yet,
> > > chicken/egg. So we can drop the hammer on all new things until someone
> > does
> > > it, which sucks, or hope that someone volunteers to work the first
> > example.
> > I'll work with gus to find a good example in nova and have patches up
> > before
> > the mid-cycle. We can discuss next steps then.
> Sorry to be a pain, but I'd really like that example to be non-trivial if
> possible. One of the advantages of privsep is that we can push the logic
> down closer to the privileged code, instead of just doing something "close"
> and then parsing. I think reinforcing that idea in the sample code is
I think *any* change will show that. I wanted to pick something achievable in
the short timeframe.
The example I'm thinking of is nova/virt/libvirt/utils.py:update_mtime()
* It will provide a lot of the boiler plate
* Show that we can now now replace an exec with pure python code.
* Show how you need to retrieve data from a trusted source on the priviledged
* Migrate testing
* Remove an entry from compute.filters
Once that's implace chown() in the same file is probably a quick fix.
Is it super helpful? does it have a measurable impact on performance, security?
The answer is probably "no"
I still think it has value.
Handling qemu-img is probably best done by creating os-qemu (or similar) and
designing from the ground up with provsep in mind. Glance and Cinder would
benefit from that also. That howveer is waaay to big for this cycle.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: not available
More information about the OpenStack-dev