← Back to team overview

openstack team mailing list archive

Re: Question on nova disk injection...

 

Python is a scripting language. To get setuid work, you usually have
to give the setuid permission to /usr/bin/python which is a big no no.

One work around is to have a customized compiled program (e.g. from
C), which takes a python file as input, do all kinds of sanity check,
and switch to root user to execute Python. But in that case it's not
that much more appealing from the rootwrap.

my 2c.
Yun

On Tue, Jun 5, 2012 at 5:42 PM, Joshua Harlow <harlowja@xxxxxxxxxxxxx> wrote:
> Hi all,
>
> Just some questions that I had about how nova is doing disk injection and
> such.
>
> I was noticing that it the main disk/api.py does a lot of tee, cat and
> similar commands. Is there any reason it couldn’t just use the standard
> python open and write data and such.
>
> Is it because of sudo access (which is connected to rootwrap?), just
> wondering since it seems sort of odd that to write a file there a tee call
> has to be done with piped input, when python already has file operators and
> such...
>
> Thx!
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>


Follow ups

References