fdb32096ab
On Python 2.x, a subprocess.Popen() with close_fds=True will
fork and then close filedescriptors range(3..os.sysconf("SC_OPEN_MAX")),
which thanks to Kernel PTI (Kaiser patches) is significantly slower
in 2018 when the range is very large. With a soft limit of 1048576,
benchmark.py reports an overhead of ~ 400ms without this patch and 2ms
with the patch applied. This patch adds a configuration option and
leaves it disabled for the stable/* backports to not change default
behavior.
Also includes Ben Nemec's release note entry, adjusted for the stable
backport. This is Ib29e96307caa39c21936f216d9aed7907e7a7331 for master.
Also includes I2391315f77718a3c9eb9fc8c03a6882237f33548 from master.
Also includes I3b481ddd14ae2b948270d715aad157cf3996def7 from master.
(cherry picked from commit
|
||
|---|---|---|
| benchmark | ||
| doc | ||
| etc | ||
| oslo_rootwrap | ||
| releasenotes | ||
| .gitignore | ||
| .gitreview | ||
| .testr.conf | ||
| .zuul.yaml | ||
| CONTRIBUTING.rst | ||
| LICENSE | ||
| README.rst | ||
| lower-constraints.txt | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
README.rst
Team and repository tags
oslo.rootwrap -- Escalated Permission Control
oslo.rootwrap allows fine-grained filtering of shell commands to run as root from OpenStack services.
- License: Apache License, Version 2.0
- Documentation: https://docs.openstack.org/oslo.rootwrap/latest/
- Source: https://git.openstack.org/cgit/openstack/oslo.rootwrap
- Bugs: https://bugs.launchpad.net/oslo.rootwrap