We spent some time at the OSSG mid-cycle meet-up this week discussing root 
wrap, looking at the existing code, and considering some of the mailing list 

Summary of our discussions:

The one line summary is we like the idea of a privileged daemon with higher 
level interfaces to the commands being run. It has a number of advantages such 
as easier to audit, enables better input sanitization, cleaner interfaces, and 
easier to take advantage of Linux capabilities, SELinux, AppArmour, etc. The 
write-up has some more details.

Lucas Fisher
Senior Security Software Engineer | Nebula Inc.

OpenStack Development Mailing List (not for usage questions)

Reply via email to