The cinder.openstack.common.rootwrap.cmd Module

Root wrapper for OpenStack services

Filters which commands a service is allowed to run as another user.

To use this with cinder, you should set the following in cinder.conf: rootwrap_config=/etc/cinder/rootwrap.conf

You also need to let the cinder user run cinder-rootwrap as root in sudoers: cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap

/etc/cinder/rootwrap.conf *

Service packaging should deploy .filters files only on nodes where they are needed, to avoid allowing more than is necessary.

main()

Previous topic

The cinder.openstack.common.processutils Module

Next topic

The cinder.openstack.common.rootwrap.filters Module

This Page