[openstack-dev] [neutron] proposal to resolve a rootwrap problem for XenServer

Ihar Hrachyshka ihrachys at redhat.com
Wed Nov 2 08:11:07 UTC 2016

Tony Breeds <tony at bakeyournoodle.com> wrote:

> On Tue, Nov 01, 2016 at 12:45:43PM +0100, Ihar Hrachyshka wrote:
>> I suggested in the bug and the PoC review that neutron is not the right
>> project to solve the issue. Seems like oslo.rootwrap is a better place to
>> maintain privilege management code for OpenStack. Ideally, a solution  
>> would
>> be found in scope of the library that would not require any changes
>> per-project.
> With the change of direction from oslo.roowrap to oslo.provsep I doubt that
> there is scope to land this in oslo.rootwarp.

It may take a while for projects to switch to caps for privilege  
separation. It may be easier to unblock xen folks with a small enhancement  
in oslo.rootwrap scope and handle transition to oslo.privsep on a separate  
schedule. I would like to hear from oslo folks on where alternative  
hypervisors fit in their rootwrap/privsep plans.


More information about the OpenStack-dev mailing list