[openstack-dev] [neutron] proposal to resolve a rootwrap problem for XenServer
Ihar Hrachyshka
ihrachys at redhat.com
Wed Nov 2 08:11:07 UTC 2016
Tony Breeds <tony at bakeyournoodle.com> wrote:
> On Tue, Nov 01, 2016 at 12:45:43PM +0100, Ihar Hrachyshka wrote:
>
>> I suggested in the bug and the PoC review that neutron is not the right
>> project to solve the issue. Seems like oslo.rootwrap is a better place to
>> maintain privilege management code for OpenStack. Ideally, a solution
>> would
>> be found in scope of the library that would not require any changes
>> per-project.
>
> With the change of direction from oslo.roowrap to oslo.provsep I doubt that
> there is scope to land this in oslo.rootwarp.
It may take a while for projects to switch to caps for privilege
separation. It may be easier to unblock xen folks with a small enhancement
in oslo.rootwrap scope and handle transition to oslo.privsep on a separate
schedule. I would like to hear from oslo folks on where alternative
hypervisors fit in their rootwrap/privsep plans.
Ihar
More information about the OpenStack-dev
mailing list