Open Stack

Yuriy Taraday wrote:
> We can do "#includedir /etc/nova/sudoers.d" from sudoers as well.
> I think, a solution with a separate conf/dir for rootwrap is a step
> back to sudo.

Except that sudo/sudoers does not allow argument filtering or more
complex filters, which is the main reason nova-rootwrap was proposed as
an alternate root escalation filtering mechanism.

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack