Apply PAM security limits by running daemons through su
Daemons launched from OCF scripts inherit default resource limits. It
could confuse users and cause resource allocation fail under heavy load.
We should run daemons requiring root privileges through su - root -c, so
limits from limits.conf would be enforced. To make it easier to
implement, a new wrapper "ocf_run_as_root" is implemented in
ocf-fuel-funcs.
Reviewed: https:/ /review. openstack. org/275275 /git.openstack. org/cgit/ openstack/ fuel-library/ commit/ ?id=65eca547606 edceedc15d8fadf d1e5822ba9f1f6
Committed: https:/
Submitter: Jenkins
Branch: master
commit 65eca547606edce edc15d8fadfd1e5 822ba9f1f6
Author: Dmitry Bilunov <email address hidden>
Date: Thu Jan 21 12:07:59 2016 +0300
Apply PAM security limits by running daemons through su
Daemons launched from OCF scripts inherit default resource limits. It
could confuse users and cause resource allocation fail under heavy load.
We should run daemons requiring root privileges through su - root -c, so
limits from limits.conf would be enforced. To make it easier to
implement, a new wrapper "ocf_run_as_root" is implemented in
ocf-fuel-funcs.
Change-Id: Iea56e4d08a2c1f 92500129210d79e 4b1fe04e3fd
Closes-Bug: #1429553