Do you mean euca_rootwrap as implemented like this: http://www.sfr- fresh.com/linux/misc/eucalyptus-2.0.2-src- online.tar.gz:a/eucalyptus-2.0.2/util/euca_rootwrap.c?
Unless I'm missing something, this will execute any command with full root privileges, which completely defeats the point of privilege separation. Using sudo is pretty horrible, but at least it can enforce that only a few named commands may be run. Using euca_rootwrap would be hardly any more secure than just running the nova daemons as root. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/681774 Title: nova_sudoers is brittle, should use proper rootwrap -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
