Hi, all: In this wiki, http://wiki.openstack.org/Nova/Rootwrap, the part of "security model" results in "This chain ensures that the nova user itself is not in control of the configuration or modules used by the nova-rootwrap executable". I understand that chain but I`m confused with this conclusion.
That chain means that a nova-rootwrap executable runs safely under root-control. In another word, the program nova-rootwrap runs is protected by root, and it cannot be influenced by other users. But that conclusion implies that the insecurity model is *nova* user is in control by someone. This is what I'm confused with.
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
