On 06/14/2016 06:11 PM, Angus Lees wrote:
> Yep (3) is quite possible, and the only reason it doesn't just do this
> already is because there's no way to find the name of the rootwrap
> command to use (from any library, privsep or os-brick) - and I was never
> very happy with the current need to specify a command line in
> oslo.config purely for this lame reason.
>
> As Sean points out, all the others involve some sort of configuration
> change preceding the code.  I had imagined rollouts would work by
> pushing out the harmless conf or sudoers change first, but hadn't
> appreciated the strict change phases imposed by grenade (and ourselves).
>
> If all "end-application" devs are happy calling something like (3)
> before the first privileged operation occurs, then we should be good.  I
> might even take the opportunity to phrase it as a general privsep.init()
> function, and then we can use it for any other top-of-main()
> privilege-setup steps that need to be taken in the future.

That sounds promising. It would be fine to emit a warning if it was only using the default, asking people to make a configuration change to make it go away. We're totally good with things functioning with warnings after transitions, that ops can adjust during their timetable.

        -Sean

--
Sean Dague
http://dague.net

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
