More secure root wrapper

Registered by Thierry Carrez

Nova needs root access for a number of actions, and currently does so through sudo. Each distribution needs to provide its own sudoers file in packaging, and sudoers offers suboptimal filtering of allowed actions, potentially providing a privilege escalation path.

This spec continues the work started in Diablo (refactoring the privilege escalation mechanism) by proposing a more secure root wrapper that allows:

* Precise filtering of arguments
* Dropping privileges to a lower-privileged user

We'll also take this opportunity to review all uses of privilege escalation and get rid of unneeded ones, as well as separate commands into multiple filter profiles (by node type).
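As an added illustration (not nova-rootwrap's own code), here is a Python-based filter of the kind the work items describe: each allowed command is an exact executable name plus a full-match regex per argument, shown next to a bare sudoers-style entry that permits any arguments. The compute-node profile, the device and path patterns and the `nobody` user are constructed for the example.

```python
import os
import pwd
import re


class CommandFilter:
    """Allow one executable whose arguments each fully match a regex."""

    def __init__(self, command, arg_patterns, run_as="root"):
        self.command = command
        self.arg_patterns = [re.compile(p) for p in arg_patterns]
        self.run_as = run_as  # user to run the command as after filtering

    def match(self, argv):
        # argv is a list, never a shell string, so one argument cannot
        # carry extra words the way a sudoers glob ("ip *") would permit.
        if not argv or argv[0] != self.command:
            return False
        if len(argv) - 1 != len(self.arg_patterns):
            return False
        return all(p.fullmatch(a) for p, a in zip(self.arg_patterns, argv[1:]))


def coarse_sudoers_match(argv, command):
    """Sudoers-style bare entry: the executable is allowed with any arguments."""
    return bool(argv) and argv[0] == command


# Constructed profile for a compute node; real profiles would be per node type.
COMPUTE_FILTERS = [
    CommandFilter("ip", [r"link", r"set", r"(tap|vnet)[0-9]+", r"up|down"]),
    CommandFilter("cat", [r"/proc/[0-9]+/cmdline"], run_as="nobody"),
]


def authorize(argv, filters=COMPUTE_FILTERS):
    """Return the user the command may run as, or None if no filter allows it."""
    for f in filters:
        if f.match(argv):
            return f.run_as
    return None


def drop_privileges(user):
    """Switch the wrapper to `user` before exec; must be called while root."""
    pw = pwd.getpwnam(user)
    os.setgroups([])
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
```

A wrapper would build `argv` from its own command line, call `authorize`, refuse on `None`, otherwise `drop_privileges` to the returned user and exec the command.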

Blueprint information

Status: Complete
Approver: Vish Ishaya
Priority: Medium
Drafter: Thierry Carrez
Direction: Approved
Assignee: Thierry Carrez
Definition: Approved
Series goal: Accepted for essex
Implementation: Implemented
Milestone target: 2012.1
Started by: Thierry Carrez
Completed by: Thierry Carrez

Whiteboard

Work items:
* Implement python-based filter
* Review all uses of sudo and get rid of unneeded ones
* Separate commands into multiple filter profiles (by node type)

Review of current sudo usage at: http://etherpad.openstack.org/orlnj06Gn7

Gerrit topic: https://review.openstack.org/#q,topic:bp/nova-rootwrap,n,z

Addressed by: https://review.openstack.org/2101
    A more secure root-wrapper alternative
