2012-06-18 19:47:28 |
Mark McLoughlin |
description |
I've just realized that part of the security model for rootwrap is that e.g. the compute rules should not be installed on the API server.
A basic rule of packaging - at least on Fedora - is that installing a package shouldn't change the configuration of the system. You might have all services installed on an API server, but only the API service running, and that should not mean that the API service has permission to run all commands allowed for other services.
Also, even if you have multiple services running on the one, that shouldn't mean that those services share the same rules.
Basically, I think the invocation of rootwrap should specify which services' rules to load. |
|
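The loader sketched below shows the model the comment argues for: the invoking service names which filter files rootwrap may read, so a compute rule installed on the same host is never consulted when the API service calls rootwrap. This is an added illustration written for this page, not nova-rootwrap's own code; the `[Filters]` / `CommandFilter` file layout is modeled on nova-rootwrap's `.filters` files, and the file names, sample rules and helper names (`load_filters`, `match_filter`, `is_allowed`) are hypothetical.

```python
"""Simplified rootwrap-style filter loader that reads only the rules of the
service(s) named at invocation time.  Added example, not nova-rootwrap's code.
The filter format is modeled on nova-rootwrap's [Filters] INI files; all
file names, rules and helper names here are assumptions for illustration."""
import configparser
import os
import tempfile

# Constructed sample filter files, one per service, in the style of
# nova-rootwrap's .filters files:  name: CommandFilter, <executable>, <run-as user>
# Having all three present simulates every service package being installed
# on one host (e.g. an API server) while only some services actually run.
SAMPLE_FILTERS = {
    "api.filters": "[Filters]\nkill: CommandFilter, /bin/kill, root\n",
    "compute.filters": ("[Filters]\n"
                        "iptables: CommandFilter, /sbin/iptables, root\n"
                        "qemu-img: CommandFilter, /usr/bin/qemu-img, root\n"),
    "network.filters": "[Filters]\nip: CommandFilter, /sbin/ip, root\n",
}


def write_sample_filters(directory):
    """Write the constructed filter files into `directory`."""
    for name, body in SAMPLE_FILTERS.items():
        with open(os.path.join(directory, name), "w") as fh:
            fh.write(body)


def load_filters(directory, services):
    """Load rules only from <service>.filters for the named services.
    Filter files belonging to other services may be installed in the same
    directory but are never opened, so installing a package grants nothing."""
    filters = []
    for svc in services:
        path = os.path.join(directory, svc + ".filters")
        if not os.path.exists(path):
            continue
        parser = configparser.RawConfigParser()
        parser.read(path)
        if not parser.has_section("Filters"):
            continue
        for name, spec in parser.items("Filters"):
            parts = [s.strip() for s in spec.split(",")]
            # Only the simplest filter kind is modeled: CommandFilter, path, user
            if len(parts) < 3 or parts[0] != "CommandFilter":
                continue
            filters.append((name, parts[1], parts[2]))
    return filters


def match_filter(filters, userargs):
    """Return (exec_path, run_as) for the first loaded rule whose executable
    basename matches userargs[0], or None if no loaded rule allows it."""
    if not userargs:
        return None
    for _name, exec_path, run_as in filters:
        if os.path.basename(exec_path) == userargs[0]:
            return (exec_path, run_as)
    return None


def is_allowed(services, userargs, directory=None):
    """Would `userargs` be permitted when rootwrap is invoked on behalf of
    `services`?  Without `directory`, a temporary directory holding all of the
    constructed sample filters is used so the demo runs offline."""
    if directory is None:
        with tempfile.TemporaryDirectory() as tmp:
            write_sample_filters(tmp)
            return match_filter(load_filters(tmp, services), userargs) is not None
    return match_filter(load_filters(directory, services), userargs) is not None


if __name__ == "__main__":
    # API service invoking rootwrap: compute's iptables rule must not apply,
    # even though compute.filters is installed on the same host.
    print(is_allowed(["api"], ["iptables", "-L"]))                    # False
    print(is_allowed(["compute"], ["iptables", "-L"]))                # True
    # Two services running on one host still do not share rules:
    print(is_allowed(["api", "network"], ["qemu-img", "info", "x"]))  # False
    print(is_allowed(["api", "network"], ["ip", "link"]))             # True
```

The decisive choice is that `load_filters` opens only `<service>.filters` for the services passed in; a directory-wide glob would silently merge every installed package's rules into one allow-list, which is exactly the behaviour the comment objects to.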