Description
OpenStack listens for requests over the network and, when appropriate, performs operations on the host that require root superpowers. Following best-practice design, most of the code runs as an unprivileged user, and only the code that needs additional powers runs as root, using a tool called "rootwrap".
This talk discusses the evolution that led to the current rootwrap design and why it has proven to be completely inadequate in practice, and presents a new "privsep" alternative currently being worked on within Oslo.