On Wed, Jun 13, 2012 at 04:35:19PM +0800, xiaxia347os wrote: > There are still some sudo calls in vdsm, mostly calls misc.exec with > sudo=True. Instead of adding interfaces for each call, how about changing the > misc.exec() to let it contact supervdsm when sudo=True? This could leave > existing sudo call code unchanged. > I wonder why supervdsm exposes many small functions, maybe a function like > supervdsm.exec() may solve all? If the root action need to be limitted, may > be we can give a command list check in supervdsm.exec() to restrict vdsm's > behavior.
Yes, the whole point of using supervdsm instead of sudo is to limit vdsm's root usage. Only limitted, self-contained functionality should be exposed, nothing like the @MV_PATH@ /etc/multipath.conf * we currently have in our sudoers.d/vdsm. The obvious implementation is a function-per-use-case. If you have another idea, that maintains security while avoiding repetitiveness, go ahead and suggest it. Nothing comes up to my mind. supervdsm.exec() with a limited set of application is not it - it is even worse than the current regexp approach of sudoer.d. Dan. _______________________________________________ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/vdsm-devel