There are still some sudo calls in vdsm, mostly calls misc.exec with
sudo=True. Instead of adding interfaces for each call, how about changing the
misc.exec() to let it contact supervdsm when sudo=True? This could leave
existing sudo call code unchanged.
I wonder why supervdsm exposes many small functions, maybe a function like
supervdsm.exec() may solve all? If the root action need to be limitted, may be
we can give a command list check in supervdsm.exec() to restrict vdsm's
vdsm-devel mailing list