Comment 4 for bug 681774

Thierry Carrez (ttx) wrote : Re: nova_sudoers is brittle, should use proper rootwrap

There are, in fact, three issues.

1/ The current sudoers file is way too permissive. It gives access to so many unrestricted commands that the nova user is as powerful as the root user.

2/ The sudoers setup is a bit brittle because it assumes things about your /etc/sudoers ("must include /etc/sudoers.d").

3/ Whenever a code change in nova introduces the need for a new "sudo" command, the packages fail to introduce in parallel the needed change in the sudoers file, mainly because those are two separate code bases with two separate sets of developers working on them.

Options include:
* Strengthening the nova_sudoers file (precisely limiting options for every command) would address (1)
* Shipping the nova_sudoers in Nova code, or generating it automatically at package-build time, would address (3)
* Writing a specific command wrapper in Nova would address (1) and (3), but suffers a bit from NIH

Not sure what's the best way to take care of (2), or if we should just assume a sane sudoers.d support.

Another layer would be to ship AppArmor profiles in Ubuntu packaging, though we would encounter issue (3) again.
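
Added example (not part of the comment above and not Nova's code): a sketch of the argument check a command wrapper would run before executing anything as root, as proposed in the third option. The filter entries, paths and function names are hypothetical and constructed for illustration.

```python
import re

# Hypothetical allowlist, constructed for illustration. Each entry pins the
# executable's absolute path and gives one regex per permitted argument.
# A sudoers entry that names only the executable would accept any arguments.
SEGMENT = r"[A-Za-z0-9_-][A-Za-z0-9_.-]*"   # one path component, never "." or ".."
FILTERS = [
    ("/sbin/iptables-save", [r"-t", r"(filter|nat)"]),
    ("/bin/chown", [r"nova", r"/var/lib/nova/instances/" + SEGMENT]),
]


def match_filter(argv, filters=FILTERS):
    """Return the filter entry that permits argv, or None if it is denied."""
    if not argv:
        return None
    for exe, arg_patterns in filters:
        if argv[0] != exe:                  # absolute path only, no PATH lookup
            continue
        args = argv[1:]
        if len(args) != len(arg_patterns):  # no extra or missing arguments
            continue
        # fullmatch: the whole argument must match, not just a prefix
        if all(re.fullmatch(p, a) for p, a in zip(arg_patterns, args)):
            return (exe, arg_patterns)
    return None


def authorize(argv):
    """True only when some filter matches the complete command line."""
    return match_filter(argv) is not None


if __name__ == "__main__":
    samples = [  # constructed command lines
        ["/bin/chown", "nova", "/var/lib/nova/instances/i-0001"],
        ["/bin/chown", "nova", "/etc/shadow"],
        ["/bin/chown", "nova", "/var/lib/nova/instances/.."],
        ["/bin/chown", "-R", "nova", "/var/lib/nova/instances/i-0001"],
        ["chown", "nova", "/var/lib/nova/instances/i-0001"],
    ]
    for argv in samples:
        print("ALLOW" if authorize(argv) else "DENY ", " ".join(argv))
```

Because the filter list lives in the same code base as the callers, a change that needs a new privileged command can add its filter in the same commit, which is the point of issue (3).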