oslo_privsep.daemon
Module¶Privilege separation (“privsep”) daemon.
To ease transition this supports 2 alternative methods of starting the daemon, all resulting in a helper process running with elevated privileges and open socket(s) to the original process:
Start via fork()
Assumes process currently has all required privileges and is about to drop them (perhaps by setuid to an unprivileged user). If the the initial environment is secure and PrivContext.start(Method.FORK) is called early in main(), then this is the most secure and simplest. In particular, if the initial process is already running as non-root (but with sufficient capabilities, via eg suitable systemd service files), then no part needs to involve uid=0 or sudo.
Start via sudo/rootwrap
This starts the privsep helper on first use via sudo and rootwrap, and communicates via a temporary Unix socket passed on the command line. The communication channel is briefly exposed in the filesystem, but is protected with file permissions and connecting to it only grants access to the unprivileged process. Requires a suitable entry in sudoers or rootwrap.conf filters.
The privsep daemon exits when the communication channel is closed, (which usually occurs when the unprivileged process exits).
oslo_privsep.daemon.
Daemon
(channel, context)¶Bases: object
NB: This doesn’t fork() - do that yourself before calling run()
loop
()¶Main body of daemon request loop
run
()¶Run request loop. Sets up environment, then calls loop()
oslo_privsep.daemon.
FailedToDropPrivileges
¶Bases: Exception
oslo_privsep.daemon.
ForkingClientChannel
(context)¶Bases: oslo_privsep.daemon._ClientChannel
oslo_privsep.daemon.
Message
¶Bases: enum.IntEnum
Types of messages sent across the communication channel
CALL
= 3¶ERR
= 5¶LOG
= 6¶PING
= 1¶PONG
= 2¶RET
= 4¶oslo_privsep.daemon.
PrivsepLogHandler
(channel, processName=None)¶Bases: logging.Handler
emit
(record)¶oslo_privsep.daemon.
ProtocolError
¶Bases: Exception
oslo_privsep.daemon.
RootwrapClientChannel
(context)¶Bases: oslo_privsep.daemon._ClientChannel
oslo_privsep.daemon.
StdioFd
¶Bases: enum.IntEnum
An enumeration.
STDERR
= 2¶STDIN
= 0¶STDOUT
= 1¶oslo_privsep.daemon.
fdopen
(fd, *args, **kwargs)¶oslo_privsep.daemon.
helper_main
()¶Start privileged process, serving requests over a Unix socket.
oslo_privsep.daemon.
replace_logging
(handler, log_root=None)¶oslo_privsep.daemon.
set_cloexec
(fd)¶oslo_privsep.daemon.
setgid
(group_id_or_name)¶oslo_privsep.daemon.
setuid
(user_id_or_name)¶Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.