861646d1ba
This includes implementing a first trivial example of how to use privsep to run something as root, specifically the cgroup throttling driver. This code is modelled strongly on how nova has chosen to use privsep. Consistency is probably good here, but it does imply that the cinder team is ok with the decisons nova has made about implementation. Change-Id: Ic401138a10a72cb4b976a1a6aba272cafcb40d8b
15 lines
602 B
YAML
15 lines
602 B
YAML
---
|
|
security:
|
|
- |
|
|
Privsep transitions. Cinder is transitioning from using the older style
|
|
rootwrap privilege escalation path to the new style Oslo privsep path.
|
|
This should improve performance and security of Cinder in the long term.
|
|
- |
|
|
Privsep daemons are now started by Cinder when required. These daemons can
|
|
be started via rootwrap if required. rootwrap configs therefore need to
|
|
be updated to include new privsep daemon invocations.
|
|
upgrade:
|
|
- |
|
|
The following commands are no longer required to be listed in your rootwrap
|
|
configuration: cgcreate; and cgset.
|