Sean Dague wrote:
> [...]
> After we brought that up in the room, we started going through other
> options. Someone brought up "what about making rootwrap always do this
> for privsep, instead of manually doing this for every project", and I
> volunteered to look at the code to figure out how hard it would be. That
> patch is up at https://review.openstack.org/344450.

I replied (removing my -1) on the review. Just a few answers to the specific questions:

> I think the path forward here is about the following questions:
>
> 1) how important are seamless upgrades in our vision?

Very

> 2) are root wrap rules supposed to be config (which is manually audited
> by installers)?

They are code, but were config files in the original design, and that default persisted over time in some (most?) distros.

> 3) is the software supposed to take into account and adapt to the rules
> not being there (or disabled by an auditor)?

Depends on what you mean by software...

> 4) does always letting rootwrap call privsep regress our near term
> security in any real way (given the flaws in existing rules)?

Only for hypothetical non-OpenStack users, and only slightly.

> 5) what will most quickly allow us to transition into a non rootwrap
> world, with a privsep architecture that will give us a better security
> model?

Probably your patch, since it makes rootwrap a deprecated transitional library enabling privsep. Which is fine as long as nobody else used rootwrap (or all those hypothetical users would migrate to privsep).

In summary: I can live with the patch as proposed, as long as Angus is fine with it.

--
Thierry Carrez (ttx)