At Thu, 13 Mar 2014 07:48:53 -0700, Aaron Rosen wrote: > > [1 <multipart/alternative (7bit)>] > [1.1 <text/plain; ISO-8859-1 (7bit)>] > The easiest/quickest thing to do for ice house would probably be to run the > initial sync in parallel like the dhcp-agent does for this exact reason. > See: https://review.openstack.org/#/c/28914/ which did this for thr > dhcp-agent. > > Best, > > Aaron > On Thu, Mar 13, 2014 at 12:18 PM, Miguel Angel Ajo <[email protected]>wrote: > > > > Yuri, could you elaborate your idea in detail? , I'm lost at some > > points with your unix domain / token authentication. > > > > Where does the token come from?, > > > > Who starts rootwrap the first time? > > > > If you could write a full interaction sequence, on the etherpad, from > > rootwrap daemon start ,to a simple call to system happening, I think that'd > > help my understanding. > > > Here it is: https://etherpad.openstack.org/p/rootwrap-agent > Please take a look.
I've added a couple of security-related comments (pickle decoding and token leak) on the etherpad. Please check. -- IWAMOTO Toshihiro _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
