9bf606327d
Specifically, the goal here is to provide a default that can use rootwrap. This change implements a `priv_context.init` function that allows oslo.privsep to hook into the startup of programs using oslo.privsep. The intention is to call this function near the top of main() - after oslo.config is available but before anything "interesting" is performed. In this change, this init function just allows you to set the default "run as root" prefix for helper_command to include something like rootwrap. In the future, it is expected to use this same call point to do other "early" tasks like immediately forking privileged helpers and dropping root if already running as root. Change-Id: I3ea73e16b07a870629e7d69e897f2524d7068ae8 Partial-Bug: #1592043
oslo.privsep
OpenStack library for privilege separation
This library helps applications perform actions which require more or less privileges than they were started with in a safe, easy to code and easy to use manner. For more information on why this is generally a good idea please read over the principle of least privilege and the specification which created this library.
- Free software: Apache license
- Documentation: http://docs.openstack.org/developer/oslo.privsep
- Source: http://git.openstack.org/cgit/openstack/oslo.privsep
- Bugs: http://bugs.launchpad.net/oslo.privsep