Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-15

Privsep hardening

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • None
    • openstack-nova
    • None
    • secure privladge escalation in nova
    • False
    • Hide

      None

      Show
      None
    • False
    • Proposed
    • Proposed
    • To Do
    • Proposed
    • Proposed
    • 2023Q2
    • Red Hat OpenStack Services on OpenShift (formerly Red Hat OpenStack Platform)

      The oslo.privsep lib provides a framework to restrict privileges when invoking
      elevated commands which is used by many OpenStack services.

      nova was the first project converted as a reference to others for how to implement presep in an existing large project however the implementation was highly flawed by design https://bugs.launchpad.net/oslo.privsep/+bug/1989008

      we have known about this limitation for year and how to address it but it has never been prioritised

      we should correct this in osp 19.

              Unassigned Unassigned
              smooney@redhat.com Sean Mooney
              rhos-workloads-compute
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: