There are still some sudo calls in vdsm, mostly calls misc.exec with 
sudo=True. Instead of adding interfaces for each call, how about changing the 
misc.exec() to let it contact supervdsm when sudo=True? This could leave 
existing sudo call code unchanged.
  I wonder why supervdsm exposes many small functions, maybe a function like 
supervdsm.exec() may solve all? If the root action need to be limitted, may be 
we can give a command list check in supervdsm.exec() to restrict vdsm's 

Wenchao Xia
vdsm-devel mailing list

Reply via email to