On Wed, Jun 13, 2012 at 04:35:19PM +0800, xiaxia347os wrote:
> There are still some sudo calls in vdsm, mostly calls misc.exec with
> sudo=True. Instead of adding interfaces for each call, how about changing the
> misc.exec() to let it contact supervdsm when sudo=True? This could leave
> existing sudo call code unchanged.
> I wonder why supervdsm exposes many small functions, maybe a function like
> supervdsm.exec() may solve all? If the root action need to be limitted, may
> be we can give a command list check in supervdsm.exec() to restrict vdsm's
> behavior.
Yes, the whole point of using supervdsm instead of sudo is to limit
vdsm's root usage. Only limitted, self-contained functionality should be
exposed, nothing like the
@MV_PATH@ /etc/multipath.conf *
we currently have in our sudoers.d/vdsm. The obvious implementation is a
function-per-use-case. If you have another idea, that maintains security
while avoiding repetitiveness, go ahead and suggest it. Nothing comes up
to my mind. supervdsm.exec() with a limited set of application is not it
- it is even worse than the current regexp approach of sudoer.d.
Dan.
_______________________________________________
vdsm-devel mailing list
vdsm-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/vdsm-devel
