Better filter around running kill as root
Bug #918226 reported by
Thierry Carrez
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Wishlist
|
Thierry Carrez |
Bug Description
Nova is allowed to run kill as root, to be allowed to stop/restart dnsmasq and radvd.
We should restrict what we allow the nova user to do as root to the strict minimum.
Changed in nova: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
It would be really nice if nova could be launched without any root privileges.