f535e8bb99
I don't particularly care about this use case (although the localfs code should perhaps go away), but it was a nice contained example of a privsep user which wasn't just calling a command line. This patch also starts to lay out what an API to the privsep'd code might look like. For now it's modelled on python's os module, because that's where all the operations we perform are coming from. The rootwrap configuration is cleaned up as we remove users.

Co-Authored-By: Tony Breeds <tony@bakeyournoodle.com>
Change-Id: I911cc51a226d6af29d63a7a2c69253de870073e9
10 lines
455 B
YAML
---
security:
  - |
    Privsep transitions. Nova is transitioning from using the older style
    rootwrap privilege escalation path to the new style Oslo privsep path.
    This should improve performance and security of Nova in the long term.
  - |
    privsep daemons are now started by nova when required. These daemons can
    be started via rootwrap if required. rootwrap configs therefore need to
    be updated to include new privsep daemon invocations.
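The second note asks operators to update their rootwrap configs. The following is an added example, not part of the Nova change: a check of a rootwrap filter file for an entry that lets rootwrap start `privsep-helper`, flagging entries that would accept arbitrary arguments. It assumes oslo.rootwrap's `name: FilterClass, executable, run_as, args...` filter syntax; the filter names, paths and context name in the samples are constructed placeholders.

```python
import configparser
import os

# Constructed sample filter files; context name and paths are placeholders.
LEGACY = """[Filters]
mount: CommandFilter, mount, root
"""
UPDATED = LEGACY + (
    "privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, "
    "--config-file, /etc/(?!\\.\\.).*, --privsep_context, example.privsep.ctx, "
    "--privsep_sock_path, /tmp/.*\n"
)
TOO_BROAD = LEGACY + "privsep: CommandFilter, privsep-helper, root\n"


def privsep_filters(text):
    """Return (name, filter_class, run_as) for each filter on privsep-helper."""
    cp = configparser.RawConfigParser()
    cp.optionxform = str  # keep filter names case-sensitive
    cp.read_string(text)
    found = []
    for name, value in cp.items("Filters"):
        # rootwrap splits a filter definition on commas in the same way
        parts = [p.strip() for p in value.split(",")]
        if len(parts) >= 3 and os.path.basename(parts[1]) == "privsep-helper":
            found.append((name, parts[0], parts[2]))
    return found


def audit(text):
    """Return a list of findings; an empty list means the config looks ready."""
    filters = privsep_filters(text)
    if not filters:
        return ["no filter permits privsep-helper: daemon cannot start via rootwrap"]
    findings = []
    for name, cls, run_as in filters:
        # CommandFilter only matches the command name, so any context,
        # config file or socket path could be passed to the helper.
        if cls == "CommandFilter":
            findings.append(f"{name}: CommandFilter accepts any arguments; use RegExpFilter")
        # Assumption: the helper is launched as root and drops privileges itself.
        if run_as != "root":
            findings.append(f"{name}: runs as {run_as!r}, expected 'root'")
    return findings
```
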