Yea, the current scheme is less the optimal. What really needs to happen is having VDSM starts as root, fork(), have the child set[ug]id to vdsm and have the parent become supervdsm.
----- Original Message ----- > From: "Royce Lv" <lvroyce0...@gmail.com> > To: vdsm-devel@lists.fedorahosted.org > Sent: Sunday, May 20, 2012 11:27:01 PM > Subject: [vdsm] constrain call supervdsm only to vdsm process > > > Hi guys, > Went through current code and found calling > supervdsm(function:getProxy()) is only called from threads of vdsm, > and supervdsm can be called from other processes in current scheme. > My plan to change supervdsm and vdsm startup process is meant to > limit call of getProxy only to vdsm process and its threads, that is > to say not allow subprocesses and other process to call super vdsm. > I know we are going to move all the "sudo " to supervdsm, So I want > to ask if my plan will make constraints to these or introduce other > troubles? > Thanks for your answer! > > _______________________________________________ > vdsm-devel mailing list > vdsm-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/vdsm-devel > _______________________________________________ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/vdsm-devel
