Go to file

Angus Lees dbf77fba10 Trivial rootwrap -> privsep replacement

This change replaces all uses of rootwrap with a trivial privsep-based
equivalent.  This replacement simply executes commands as the privsep
user *without any additional checks*.

There are 2 reasons why this is a reasonable thing to do:

1. We don't have a good workflow for merging rootwrap filter changes
   into parent projects (nova/cinder) for a loosely-coupled library like
   os-brick.

2. The previous situation was also insecure.  The os-brick.filters
   rootwrap config permitted commands like "dd" and "cp" with any
   arguments, as root.  This would have posed only a mild inconvenience
   to an attacker.  With privsep we can at least (in principle) limit
   the commands to the privsep uid/gid and Linux
   capabilities (CAP_SYS_ADMIN by default with this change).

This change addresses the urgency of (1).   Later refactors will take
greater advantage of privsep to address (2).

Change-Id: I0af542eba97d2f89b1c283bf1e1e985d9690f5de
Depends-On: I90dc41bc77993bd83b80c92286e015e14f290b45
 # nova: nova.conf: Set privsep_rootwrap.helper_command
Depends-On: I4e333e73ddfd45c045b9d32dac1506fc25858c4d
 # nova: Add os-brick rootwrap filter for privsep
Depends-On: I8a0b1728cc66c4861f69623b1b16b1f759b57b25
 # cinder: cinder.conf: Set privsep_rootwrap.helper_command
Depends-On: I3b2e337321875cf4abc0ab9b44fe17cf9327d88b
 # cinder: Add os-brick rootwrap filter for privsep
Depends-On: I4299c2fc059807610f83e12a2d470e020930c64c
 # privsep: Switch to msgpack for serialization
Depends-On: Ied1ef4fc945e18516b39d1f20d58425cb633dc74
 # requirements: require oslo.privsep>=1.5.0 for msgpack fix

2016-04-15 15:29:25 +00:00

doc/source

Add reno for release notes management

2016-01-20 19:19:36 -06:00

etc/os-brick/rootwrap.d

Trivial rootwrap -> privsep replacement

2016-04-15 15:29:25 +00:00

os_brick

Trivial rootwrap -> privsep replacement

2016-04-15 15:29:25 +00:00

releasenotes

Update reno for stable/mitaka

2016-03-11 14:57:33 -05:00

tools

Add pylint tox env

2016-04-04 18:02:19 -04:00

.coveragerc

Change ignore-errors to ignore_errors

2015-09-21 14:41:31 +00:00

.gitignore

Add pylint tox env

2016-04-04 18:02:19 -04:00

.gitreview

Correct project name in .gitreview

2015-03-18 13:00:51 +01:00

.mailmap

Created the Brick library from Cinder

2015-01-22 19:09:30 +00:00

.testr.conf

Created the Brick library from Cinder

2015-01-22 19:09:30 +00:00

babel.cfg

Created the Brick library from Cinder

2015-01-22 19:09:30 +00:00

CONTRIBUTING.rst

Update the documentation for os-brick

2015-02-19 14:37:13 -08:00

HACKING.rst

Created the Brick library from Cinder

2015-01-22 19:09:30 +00:00

LICENSE

Created the Brick library from Cinder

2015-01-22 19:09:30 +00:00

MANIFEST.in

Created the Brick library from Cinder

2015-01-22 19:09:30 +00:00

pylintrc

Add pylint tox env

2016-04-04 18:02:19 -04:00

README.rst

Add fancy pypi version and download images

2015-09-15 15:52:10 +00:00

requirements.txt

Trivial rootwrap -> privsep replacement

2016-04-15 15:29:25 +00:00

setup.cfg

remove python 2.6 trove classifier

2015-12-23 01:31:13 +00:00

setup.py

Updated from global requirements

2015-09-17 12:15:39 +00:00

test-requirements.txt

Updated from global requirements

2016-04-07 15:26:47 +00:00

tox.ini

Merge "Don't use oslo-incubator stuff"

2016-04-05 20:32:20 +00:00

README.rst

brick

OpenStack Cinder brick library for managing local volume attaches

Features

Discovery of volumes being attached to a host for many transport protocols.
Removal of volumes from a host.

Hacking

Hacking on brick requires python-gdbm (for Debian derived distributions), Python 2.7 and Python 3.4. A recent tox is required, as is a recent virtualenv (13.1.0 or newer).

If "tox -e py34" fails with the error "db type could not be determined", remove the .testrepository/ directory and then run "tox -e py34".

For any other imformation, refer to the parent project, Cinder:: https://github.com/openstack/cinder

License: Apache License, Version 2.0
Source: http://git.openstack.org/cgit/openstack/os-brick
Bugs: http://bugs.launchpad.net/os-brick