Yuriy Taraday wrote: > Another option would be to allow rootwrap to run in daemon mode and > provide RPC interface. This way Neutron can spawn rootwrap (with its > CPython startup overhead) once and send new commands to be run later > over UNIX socket. > This way we won't need learn new language (C/C++), adopt new toolchain > (RPython, Cython, whatever else) and still get secure way to run > commands with root priviledges.
Note that the whole concept behind rootwrap is to limit the amount of code that runs with elevated privileges. If you end up running a full service as root which imports as many libraries as the rest of OpenStack services, then you should seriously consider switching to running your root-heavy service as root directly, because it won't make that much of a difference. I'm not closing the door to a persistent implementation... Just saying that in order to be useful, it needs to be as minimal as possible (both in amount of code written and code imported) and as simple as possible (so that its security model can be easily proven safe). -- Thierry Carrez (ttx) _______________________________________________ OpenStack-dev mailing list OpenStackfirstname.lastname@example.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev