[openstack-dev] [Nova] Moving the virt_mkfs flags to privsep
Michael Still
mikal at stillhq.com
Wed Nov 8 06:30:51 UTC 2017
That does work for me, except it means I'll still need to port it to
privsep to hit my goal of no rootwrap in Queens. I can live with that.
Michael
On Wed, Nov 8, 2017 at 4:54 PM, Matt Riedemann <mriedemos at gmail.com> wrote:
> On 11/8/2017 12:24 PM, Michael Still wrote:
>
>> Hi,
>>
>> a really really long time ago (think 2011), we added support in Nova for
>> configuring the mkfs commands that are run for new ephemeral disks using
>> the virt_mkfs command. The current implementation is in
>> nova/virt/disk/api.py for your reading pleasure.
>>
>> I'm battling a little with how to move this code to privsep, because I
>> have resisted providing any method which just takes a command line and runs
>> it with escalated permissions, as I feel this defeats the purpose of
>> privsep.
>>
>> I could just pickup all the command line parsing code and move it into
>> privsep, but I am left wondering if anyone actually uses this
>> functionality, or if we should just deprecate it all?
>>
>> I'd appreciate your thoughts.
>>
>> Michael
>>
>>
>> ____________________________________________________________
>> ______________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscrib
>> e
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
> Let's deprecate it, put a warning in the logs if it's used in Queens,
> deprecation release note and then remove it in Rocky.
>
> Does that work for you?
>
> --
>
> Thanks,
>
> Matt
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171108/de87a473/attachment.html>
More information about the OpenStack-dev
mailing list