Hey, Thanks for the explanations! Le mar. 3 déc. 2019 à 10:43, Thierry Carrez <thierry at openstack.org> a écrit : > Matt Riedemann wrote: > > [...] > > I want to say mikal converted everything native to nova from rootwrap to > > privsep and that was completed in Train: > > > > https://docs.openstack.org/releasenotes/nova/train.html#security-issues > > > > "The transition from rootwrap (or sudo) to privsep has been completed > > for nova. The only case where rootwrap is still used is to start privsep > > helpers. All other rootwrap configurations for nova may now be removed." > > > > Looking at what's in the compute.filters file looks like it's all stuff > > for os-brick, but I though os-brick was fully using privsep natively as > > well? Maybe it's just a matter of someone working on this TODO: > > > > > https://opendev.org/openstack/nova/src/branch/master/etc/nova/rootwrap.d/compute.filters#L16 > > That's great news! I'll have a deeper look and propose changes if > appropriate. > > Cheers, > > -- > Thierry Carrez (ttx) > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20191203/f51a020a/attachment.html>