Public bug reported:
Cinder, Neutron and Nova use rootwrappers that allow selected commands
to be executed with root privileges via sudo. If an administrator chooses
to enable sudo logging for security reasons, this will cause a lot of
files to be created, filling up file systems pretty fast. This
could be circumvented by changing the entry in
/etc/sudoers.d/cinder_sudoers like this:
--- /etc/sudoers.d/cinder_sudoers 2016-03-30 11:20:28.000000000 +0000
+++ /etc/sudoers.d/cinder_sudoers.new 2016-04-01 09:31:36.811807794 +0000
@@ -1,3 +1,3 @@
Defaults:cinder !requiretty
-cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap
/etc/cinder/rootwrap.conf *
+cinder ALL = (root) NOPASSWD: NOLOG_INPUT: NOLOG_OUTPUT:
/usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
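Review bot: On the `+` line, `NOLOG_INPUT: NOLOG_OUTPUT:` is attached to a rule whose argument list is the wildcard `*`, so sudo I/O logging is switched off for everything cinder-rootwrap runs as root, with no way to keep it for a subset of commands. The change should state that only the session input/output capture is dropped and that sudo's normal event log, which records the command line that was run, is unaffected. The same effect is possible without touching the rule by adding a line next to the existing `Defaults:cinder !requiretty`, for example `Defaults:cinder !log_input, !log_output`, which leaves the command rule identical to the packaged one. As shown, the rule is also split across two lines with no trailing backslash; in the real file it has to be on one line or continued with `\`, and the result should be checked with `visudo -cf /etc/sudoers.d/cinder_sudoers` before it is installed.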
and similarly for nova and neutron.
** Affects: cinder (Ubuntu)
Importance: Undecided
Status: New
** Affects: neutron (Ubuntu)
Importance: Undecided
Status: New
** Affects: nova (Ubuntu)
Importance: Undecided
Status: New
** Also affects: nova (Ubuntu)
Importance: Undecided
Status: New
** Also affects: neutron (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1564812
Title:
Disable sudo io logging for rootwrap