[PKG-Openstack-devel] Bug#887188: Bug#887188: nova-compute should depend on e2fsprogs explicitly

Andreas Henriksson andreas at fatal.se
Wed Jan 24 22:46:24 UTC 2018


Hello Thomas Goirand,

On Wed, Jan 24, 2018 at 01:38:01PM +0100, Thomas Goirand wrote:
> Andreas,
> 
> rootwrap is just a wrapper around sudo to improve security. So in this
> case, nova-compute really *is* using the above tools, and should depend
> on e2fsprogs. I'll push a change with nova-common depending on it.

As mentioned I spent very little time on trying to understand what
rootwrap is, but it seemed to me like a rootwrap filter would be
similar to having a /etc/sudoers rule that included e.g. mke2fs.
If that was the case the sudo package still would not depend on
e2fsprogs.... (It would still be the program actually executing
the command that sudoers gives you permission to run that needs the
dependency.) .... but apparently spending 2 seconds is not enough to
correctly understand rootwrap for me. :P

I fully trust you have a much better understanding of this than me,
so thanks for your swift feedback. Looking forward to seeing this fixed
soon!

Regards,
Andreas Henriksson


