On 13 Feb 2015 17:42, "Angus Lees" <[email protected]> wrote: > > So inspired by the "Rootwrap on root-intensive nodes" thread, I went and wrote a proof-of-concept privsep daemon for neutron: https://review.openstack.org/#/c/155631 > There's nothing neutron-specific in the core mechanism and it could easily be moved out into a common (oslo) library and reused across other projects.
Bravo. More conceptual than a code review my questions are. msgpack rather than protobuf ? Given your previous experience there I'm just curious. Are you concerned that commands might call into less trusted areas of code? Would it make sense to have the privileged commands be separate somehow to avoid this? Rob
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
