There are still some sudo calls in vdsm, mostly calls misc.exec with 
sudo=True. Instead of adding interfaces for each call, how about changing the 
misc.exec() to let it contact supervdsm when sudo=True? This could leave 
existing sudo call code unchanged.
  I wonder why supervdsm exposes many small functions, maybe a function like 
supervdsm.exec() may solve all? If the root action need to be limitted, may be 
we can give a command list check in supervdsm.exec() to restrict vdsm's 
behavior.


Wenchao Xia
  
_______________________________________________
vdsm-devel mailing list
vdsm-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/vdsm-devel

Reply via email to