This change replaces all uses of rootwrap with a trivial privsep-based
equivalent. This replacement simply executes commands as the privsep
user *without any additional checks*.

There are 2 reasons why this is a reasonable thing to do:

1. We don't have a good workflow for merging rootwrap filter changes
into parent projects (nova/cinder) for a loosely-coupled library like
os-brick.

2. The previous situation was also insecure. The os-brick.filters
rootwrap config permitted commands like "dd" and "cp" with any
arguments, as root. This would have posed only a mild inconvenience
to an attacker. With privsep we can at least (in principle) limit
the commands to the privsep uid/gid and Linux
capabilities (CAP_SYS_ADMIN by default with this change).

This change addresses the urgency of (1). Later refactors will take
greater advantage of privsep to address (2).

Change-Id: I0af542eba97d2f89b1c283bf1e1e985d9690f5de
Depends-On: I90dc41bc77993bd83b80c92286e015e14f290b45
# nova: nova.conf: Set privsep_rootwrap.helper_command
Depends-On: I4e333e73ddfd45c045b9d32dac1506fc25858c4d
# nova: Add os-brick rootwrap filter for privsep
Depends-On: I8a0b1728cc66c4861f69623b1b16b1f759b57b25
# cinder: cinder.conf: Set privsep_rootwrap.helper_command
Depends-On: I3b2e337321875cf4abc0ab9b44fe17cf9327d88b
# cinder: Add os-brick rootwrap filter for privsep
Depends-On: I4299c2fc059807610f83e12a2d470e020930c64c
# privsep: Switch to msgpack for serialization
Depends-On: Ied1ef4fc945e18516b39d1f20d58425cb633dc74
# requirements: require oslo.privsep>=1.5.0 for msgpack fix
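
Reason (2) above turns on filters that match only the command name and leave the arguments unchecked. The audit script below is an added example, not part of this commit or of os-brick: it flags such entries in a rootwrap filter file. The filter text is a constructed sample in oslo.rootwrap filter-file syntax (not the real os-brick.filters), and the `FILE_WRITERS` list and severity labels are assumptions made for the example.

```python
import configparser

# Constructed sample in oslo.rootwrap filter-file syntax
# (name: FilterClass, executable, run-as user[, argument patterns...]).
SAMPLE_FILTERS = """\
[Filters]
dd: CommandFilter, dd, root
cp: CommandFilter, cp, root
lsblk: CommandFilter, lsblk, nobody
mount_ro: RegExpFilter, mount, root, mount, -o, ro, /dev/.*, /mnt/.*
"""

# Assumed list: binaries that read or write arbitrary paths given free arguments.
FILE_WRITERS = {"dd", "cp", "mv", "tee", "chmod", "chown"}


def audit_filters(text):
    """Return (name, severity, reason) for each root filter with unchecked arguments."""
    parser = configparser.RawConfigParser()
    parser.optionxform = str  # keep filter names case-sensitive
    parser.read_string(text)
    findings = []
    if not parser.has_section("Filters"):
        return findings
    for name, value in parser.items("Filters"):
        fields = [f.strip() for f in value.split(",")]
        if len(fields) < 3:
            findings.append((name, "error", "malformed filter definition"))
            continue
        filter_class, executable, run_as = fields[:3]
        # CommandFilter compares only the executable name, so every argument
        # vector is accepted; filters with argument patterns are not flagged.
        if filter_class == "CommandFilter" and run_as == "root":
            base = executable.rsplit("/", 1)[-1]
            severity = "high" if base in FILE_WRITERS else "medium"
            reason = f"{executable} runs as root with unchecked arguments"
            findings.append((name, severity, reason))
    return findings


if __name__ == "__main__":
    for name, severity, reason in audit_filters(SAMPLE_FILTERS):
        print(f"[{severity}] {name}: {reason}")
```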