This is a step in the right direction (regex arg filtering is better than filename-glob filtering), but I think this probably needs to have even more logic built in. For example, running "ip ... $interface ..." might need logic to have the wrapper look up the interface and decide if it is actually a nova-controlled interface, etc. Overall, the trajectory for this design looks fine -- there is a well-defined boundary between "nova" and "root". Continuing to get it even more highly specified is the right way to go.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/801501 Title: [MIR] nova To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/801501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs