Apply PAM security limits by running daemons through su
Daemons launched from OCF scripts inherit default resource limits. It
could confuse users and cause resource allocation fail under heavy load.
We should run daemons requiring root privileges through su - root -c, so
limits from limits.conf would be enforced. To make it easier to
implement, a new wrapper "ocf_run_as_root" is implemented in
ocf-fuel-funcs.
Change-Id: Iea56e4d08a2c1f92500129210d79e4b1fe04e3fd
Closes-Bug: #1429553
(cherry picked from commit 65eca547606edceedc15d8fadfd1e5822ba9f1f6)
Reviewed: https:/ /review. openstack. org/275579 /git.openstack. org/cgit/ openstack/ fuel-library/ commit/ ?id=464f57d51dd 165f40a57121790 e29df3f9616fc2
Committed: https:/
Submitter: Jenkins
Branch: stable/8.0
commit 464f57d51dd165f 40a57121790e29d f3f9616fc2
Author: Dmitry Bilunov <email address hidden>
Date: Thu Jan 21 12:07:59 2016 +0300
Apply PAM security limits by running daemons through su
Daemons launched from OCF scripts inherit default resource limits. It
could confuse users and cause resource allocation fail under heavy load.
We should run daemons requiring root privileges through su - root -c, so
limits from limits.conf would be enforced. To make it easier to
implement, a new wrapper "ocf_run_as_root" is implemented in
ocf-fuel-funcs.
Change-Id: Iea56e4d08a2c1f 92500129210d79e 4b1fe04e3fd edc15d8fadfd1e5 822ba9f1f6)
Closes-Bug: #1429553
(cherry picked from commit 65eca547606edce