Volume discovery and local storage management lib

You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Tree: a642901282

master

stable/queens

stable/rocky

stable/stein

stable/train

stable/ussuri

stable/victoria

stable/wallaby

stable/xena

stable/yoga

0.1.0

0.1.1

0.2.0

0.3.0

0.3.1

0.3.2

0.4.0

0.5.0

0.6.0

0.7.0

0.8.0

1.0.0

1.1.0

1.10.0

1.11.0

1.11.1

1.12.0

1.13.0

1.13.1

1.14.0

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.15.5

1.15.6

1.15.7

1.15.8

1.15.9

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0

1.6.1

1.6.2

1.7.0

1.8.0

1.9.0

2.0.0

2.1.0

2.1.1

2.10.0

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.10.6

2.10.7

2.11.0

2.2.0

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.5.0

2.5.1

2.5.10

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.5.8

2.5.9

2.6.0

2.6.1

2.6.2

2.7.0

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.9.0

2.9.1

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.1.0

3.2.0

3.2.1

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.1.0

4.2.0

4.3.0

4.3.1

4.3.2

4.3.3

4.4.0

5.0.0

5.0.1

5.0.2

5.1.0

5.2.0

liberty-eol

mitaka-eol

newton-eol

ocata-em

ocata-eol

pike-em

pike-eol

queens-em

rocky-em

stein-em

train-em

ussuri-em

victoria-em

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'a642901282'

${ noResults }

os-brick/etc/os-brick/rootwrap.d

History

Angus Lees dbf77fba10 Trivial rootwrap -> privsep replacement ... This change replaces all uses of rootwrap with a trivial privsep-based equivalent. This replacement simply executes commands as the privsep user *without any additional checks*. There are 2 reasons why this is a reasonable thing to do: 1. We don't have a good workflow for merging rootwrap filter changes into parent projects (nova/cinder) for a loosely-coupled library like os-brick. 2. The previous situation was also insecure. The os-brick.filters rootwrap config permitted commands like "dd" and "cp" with any arguments, as root. This would have posed only a mild inconvenience to an attacker. With privsep we can at least (in principle) limit the commands to the privsep uid/gid and Linux capabilities (CAP_SYS_ADMIN by default with this change). This change addresses the urgency of (1). Later refactors will take greater advantage of privsep to address (2). Change-Id: I0af542eba97d2f89b1c283bf1e1e985d9690f5de Depends-On: I90dc41bc77993bd83b80c92286e015e14f290b45 # nova: nova.conf: Set privsep_rootwrap.helper_command Depends-On: I4e333e73ddfd45c045b9d32dac1506fc25858c4d # nova: Add os-brick rootwrap filter for privsep Depends-On: I8a0b1728cc66c4861f69623b1b16b1f759b57b25 # cinder: cinder.conf: Set privsep_rootwrap.helper_command Depends-On: I3b2e337321875cf4abc0ab9b44fe17cf9327d88b # cinder: Add os-brick rootwrap filter for privsep Depends-On: I4299c2fc059807610f83e12a2d470e020930c64c # privsep: Switch to msgpack for serialization Depends-On: Ied1ef4fc945e18516b39d1f20d58425cb633dc74 # requirements: require oslo.privsep>=1.5.0 for msgpack fix		6 years ago
..
os-brick.filters	Trivial rootwrap -> privsep replacement	6 years ago