2013/12/9 Kurt Griffiths <[email protected]> > This list of features makes me *very* nervous from a security > standpoint. Are we talking about giving an agent an arbitrary shell command > or file to install, and it goes and does that, or are we simply triggering > a preconfigured action (at the time the agent itself was installed)? > > I believe the agent must execute only a set of preconfigured actions exactly due to security reasons. It should be up to the using project (Savanna/Trove) to decide which actions must be exposed by the agent.
> From: Steven Dake <[email protected]> > Reply-To: OpenStack Dev <[email protected]> > Date: Monday, December 9, 2013 at 11:41 AM > To: OpenStack Dev <[email protected]> > > Subject: Re: [openstack-dev] Unified Guest Agent proposal > > In terms of features: > * run shell commands > * install files (with selinux properties as well) > * create users and groups (with selinux properties as well) > * install packages via yum, apt-get, rpm, pypi > * start and enable system services for systemd or sysvinit > * Install and unpack source tarballs > * run scripts > * Allow grouping, selection, and ordering of all of the above operations > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
