On Wed, Jun 13, 2012 at 04:35:19PM +0800, xiaxia347os wrote:
>   There are still some sudo calls in vdsm, mostly calls misc.exec with 
> sudo=True. Instead of adding interfaces for each call, how about changing the 
> misc.exec() to let it contact supervdsm when sudo=True? This could leave 
> existing sudo call code unchanged.
>   I wonder why supervdsm exposes many small functions, maybe a function like 
> supervdsm.exec() may solve all? If the root action need to be limitted, may 
> be we can give a command list check in supervdsm.exec() to restrict vdsm's 
> behavior.

Yes, the whole point of using supervdsm instead of sudo is to limit
vdsm's root usage. Only limitted, self-contained functionality should be
exposed, nothing like the

    @MV_PATH@ /etc/multipath.conf *

we currently have in our sudoers.d/vdsm. The obvious implementation is a
function-per-use-case. If you have another idea, that maintains security
while avoiding repetitiveness, go ahead and suggest it. Nothing comes up
to my mind. supervdsm.exec() with a limited set of application is not it
- it is even worse than the current regexp approach of sudoer.d.

vdsm-devel mailing list

Reply via email to