On 07/25/2013 04:40 PM, Mike Wilson wrote: > In my opinion: > > 1. Stop using rootwrap completely and get strong argument checking > support into sudo (regex). > 2. Some sort of long lived rootwrap process, either forked by the > service that want's to shell out or a general purpose rootwrapd type thing. > > I prefer #1 because it's surprising that sudo doesn't do this type of > thing already. It _must_ be something that everyone wants. But #2 may be > quicker and easier to implement, my $.02.
We could do #1 and keep rootwrap around as the fallback if the local version of sudo doesn't support what we need. -- Russell Bryant _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
