openstack/oslo.rootwrap

OpenStack library for rootwrap

Go to file

Daniel Alvarez ed125c0c1c Make IpNetnsExecFilter more strict to detect aliases Currently, this filter only takes into account 'ip netns exec' as input but this command accepts different aliases like 'ip net e' or 'ip netn ex', etcetera. This is a security issue since bypassing this filter basically allows anyone to execute arbitary commands because IpFilter will get hit and there's not going to be any further checks against CommandFilters. Change-Id: I2f6e55de4e60f2d3a6166c2fefbc31e9afc6c26f Closes-Bug: 1765734 Co-Authored-By: Jakub Libosvar <jlibosva@redhat.com> Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>		2018-05-10 12:40:29 +00:00
benchmark	Update to support running benchmark on python3	2018-04-04 11:40:23 -04:00
doc	Updated from global requirements	2018-03-15 07:50:39 +00:00
etc	Allow rootwrap-daemon to timeout and exit	2017-03-02 10:58:04 +09:00
oslo_rootwrap	Make IpNetnsExecFilter more strict to detect aliases	2018-05-10 12:40:29 +00:00
releasenotes	Update reno for stable/queens	2018-01-24 18:07:26 +00:00
.gitignore	Add reno for release notes management	2016-06-30 09:59:31 +00:00
.gitreview	Add .gitreview for oslo.rootwrap	2013-11-27 15:22:57 +01:00
.testr.conf	Add standalone project packaging support files	2013-11-21 16:25:23 +01:00
.zuul.yaml	add lower-constraints job	2018-03-24 21:02:51 -04:00
CONTRIBUTING.rst	Workflow documentation is now in infra-manual	2014-12-05 03:30:39 +00:00
LICENSE	Add standalone project packaging support files	2013-11-21 16:25:23 +01:00
lower-constraints.txt	fix lower constraints and uncap eventlet	2018-04-12 10:48:11 -04:00
README.rst	Update links in README	2018-02-28 01:35:47 +08:00
requirements.txt	Updated from global requirements	2017-11-16 11:21:52 +00:00
setup.cfg	Treat doc warnings as errors	2018-01-08 11:47:18 -06:00
setup.py	Updated from global requirements	2017-03-03 00:03:18 +00:00
test-requirements.txt	fix lower constraints and uncap eventlet	2018-04-12 10:48:11 -04:00
tox.ini	set default python to python3	2018-04-13 16:05:18 -04:00

README.rst

Team and repository tags

oslo.rootwrap -- Escalated Permission Control

oslo.rootwrap allows fine-grained filtering of shell commands to run as root from OpenStack services.

License: Apache License, Version 2.0
Documentation: https://docs.openstack.org/oslo.rootwrap/latest/
Source: https://git.openstack.org/cgit/openstack/oslo.rootwrap
Bugs: https://bugs.launchpad.net/oslo.rootwrap