{"/PATCHSET_LEVEL":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"35179251e12c11d6eff736c2cd2cf0ebb2ca7f05","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"86a10790_3d90c4da","updated":"2022-11-23 14:15:01.000000000","message":"I\u0027ll do a full review later","commit_id":"92e7ebf0b680297577c6e2ce9fc7b32cc3acf0d9"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"b65f527f420c5e9851ebc42faad7eda2b26a9a56","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"3989cf9d_b927747f","in_reply_to":"86a10790_3d90c4da","updated":"2022-11-23 14:19:32.000000000","message":"Ok, thanks","commit_id":"92e7ebf0b680297577c6e2ce9fc7b32cc3acf0d9"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"9c89f7fac1def194ac5b13e4a23d8ebfa01fb146","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"8d802d0c_a2524057","updated":"2022-12-14 17:50:31.000000000","message":"I don\u0027t see anything controversial here.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"143e8054_67a868ce","updated":"2022-12-15 09:35:35.000000000","message":"I want to make this more concrete as to what will be done.\n\nI do not want to detail the context that will be used by each function in the spec,\nbut I want to define the initial context and provide a better example of the best practice that will be implemented. 
I have detailed that with inline comments.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"131d8ecc77c457892fa17fedb7a05b4e19aff0d3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"08f70c31_0024e272","updated":"2022-12-16 17:56:12.000000000","message":"+1 overall with some minor nits.\nI think we need more eyes from others on the core team, but in general I think this is ok.\n\nI will be on PTO from today and will not be around next week to follow up.\n\nSince I think most of the remaining issues could be addressed at implementation time with a follow-up patch to update the spec if required, I\u0027ll actually leave a +2 so Sylvain or gibi can proceed with merging this if they are also happy with that.","commit_id":"49e8cd425a1d5e5624cf08c8c0a0599477a14bf4"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"f19bbf91d1a3f0266ee7813b1a810c29a3628d20","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"68d7008e_e795dfac","updated":"2022-12-19 11:30:00.000000000","message":"Added gibi as a substitute for sean while they are on PTO.","commit_id":"ee8c837d28f709d91fe6ac42485ffdba44a9359f"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"867f4445a020fd3da7f6829e48c5d4a90178983a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"d91dcb23_15ba1f6c","updated":"2022-12-19 12:07:49.000000000","message":"I\u0027m ok with the general direction of this as an initial start on hardening the usage of privsep.","commit_id":"ee8c837d28f709d91fe6ac42485ffdba44a9359f"},{"author":{"_account_id":9708,"name":"Balazs 
Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"72f750e8e193fe0f17d91afaab210d02e4e6e4a3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"ac6b10c6_7aec9590","updated":"2023-01-12 09:10:11.000000000","message":"Looks good. Thanks @Jorge!","commit_id":"5a1771227f1307d8458d394977db824ff5160897"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2ba98ec0e8de154e85c487dcf433f40228aead42","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"07c53fe5_ce279094","updated":"2023-01-11 17:16:48.000000000","message":"Re-adding my +2; I\u0027m still ok with the latest version.","commit_id":"5a1771227f1307d8458d394977db824ff5160897"}],"specs/2023.1/approved/privsep-usage-review.rst":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"35179251e12c11d6eff736c2cd2cf0ebb2ca7f05","unresolved":true,"context_lines":[{"line_number":48,"context_line":"For the rest, a custom per case profile will need to be defined."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"If possible, profiles could be defined within each of the modules that use"},{"line_number":51,"context_line":"them, instead of in ``__init__.py`` like now, in order to reduce their scope."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"Alternatives"},{"line_number":54,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"65c73195_06e39c37","line":51,"updated":"2022-11-23 14:15:01.000000000","message":"No, the profiles should be defined in the root of the nova module.\n\nEach profile requires a different privsep daemon to handle it, and having them per module would significantly increase the memory usage of nova.\n\nThe functions that are privileged should be in the different modules that use 
them,\n\nwith common code shared but not marked as privileged.","commit_id":"f5547a19058d09085c7f91b160178945d28c4924"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":48,"context_line":"For the rest, a custom per case profile will need to be defined."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"If possible, profiles could be defined within each of the modules that use"},{"line_number":51,"context_line":"them, instead of in ``__init__.py`` like now, in order to reduce their scope."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"Alternatives"},{"line_number":54,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"4c4ef7b0_dc464dbd","line":51,"in_reply_to":"62215e8d_85f11d01","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"f5547a19058d09085c7f91b160178945d28c4924"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"d501303ac05e2c2feaa28a738d2b249b12fc7f5e","unresolved":true,"context_lines":[{"line_number":48,"context_line":"For the rest, a custom per case profile will need to be defined."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"If possible, profiles could be defined within each of the modules that use"},{"line_number":51,"context_line":"them, instead of in ``__init__.py`` like now, in order to reduce their scope."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"Alternatives"},{"line_number":54,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"62215e8d_85f11d01","line":51,"in_reply_to":"65c73195_06e39c37","updated":"2022-11-25 08:08:18.000000000","message":"I see. 
I have rewritten the paragraph to reflect this. Please take a look.","commit_id":"f5547a19058d09085c7f91b160178945d28c4924"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"6982f8a72e4de2f6b0a3f3de897322511ffdd7ff","unresolved":true,"context_lines":[{"line_number":84,"context_line":"Performance Impact"},{"line_number":85,"context_line":"------------------"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"Incorrect mapping of elevated capabilities may result on failing system "},{"line_number":88,"context_line":"commands."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Other deployer impact"}],"source_content_type":"text/x-rst","patch_set":2,"id":"ad4c6b9b_05446f93","line":87,"updated":"2022-11-23 14:17:23.000000000","message":"This is not really a performance impact.\n\nThis is a correctness requirement, and we won\u0027t be able to merge the new code until it works correctly.\n\nOur privsep usage and the capabilities used are not a configuration point for an operator, so the only way for this to be mapped incorrectly is if the code is broken.","commit_id":"92e7ebf0b680297577c6e2ce9fc7b32cc3acf0d9"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":84,"context_line":"Performance Impact"},{"line_number":85,"context_line":"------------------"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"Incorrect mapping of elevated capabilities may result on failing system "},{"line_number":88,"context_line":"commands."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Other deployer impact"}],"source_content_type":"text/x-rst","patch_set":2,"id":"37db5015_fd1707b8","line":87,"in_reply_to":"95b0cf9d_df00ff15","updated":"2022-12-16 
17:49:19.000000000","message":"Ack","commit_id":"92e7ebf0b680297577c6e2ce9fc7b32cc3acf0d9"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"d501303ac05e2c2feaa28a738d2b249b12fc7f5e","unresolved":true,"context_lines":[{"line_number":84,"context_line":"Performance Impact"},{"line_number":85,"context_line":"------------------"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"Incorrect mapping of elevated capabilities may result on failing system "},{"line_number":88,"context_line":"commands."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Other deployer impact"}],"source_content_type":"text/x-rst","patch_set":2,"id":"95b0cf9d_df00ff15","line":87,"in_reply_to":"ad4c6b9b_05446f93","updated":"2022-11-25 08:08:18.000000000","message":"All right, I have removed the line then. \n\nI had my doubts on it too, but just to make sure I ended up making the comment.","commit_id":"92e7ebf0b680297577c6e2ce9fc7b32cc3acf0d9"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"126cdee7ac9f010669d3e0ed78507c4c1666a29f","unresolved":true,"context_lines":[{"line_number":20,"context_line":"Problem description"},{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Nova compute services use the oslo-privsep library to obtain some root"},{"line_number":24,"context_line":"privileges on the host system with the intention of invoking commands 
on"},{"line_number":25,"context_line":"it."},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"bbf95013_1e2da441","line":23,"range":{"start_line":23,"start_character":61,"end_line":23,"end_character":70},"updated":"2022-12-01 11:34:14.000000000","message":"elevated","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":20,"context_line":"Problem description"},{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Nova compute services use the oslo-privsep library to obtain some root"},{"line_number":24,"context_line":"privileges on the host system with the intention of invoking commands on"},{"line_number":25,"context_line":"it."},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"9206e78a_73ea3b98","line":23,"range":{"start_line":23,"start_character":61,"end_line":23,"end_character":70},"in_reply_to":"5ceeaed5_e312637a","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"abe05e3e75061f68ee35e84cb665ee72f9d3b49e","unresolved":true,"context_lines":[{"line_number":20,"context_line":"Problem description"},{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Nova compute services use the oslo-privsep library to obtain 
some root"},{"line_number":24,"context_line":"privileges on the host system with the intention of invoking commands on"},{"line_number":25,"context_line":"it."},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"5ceeaed5_e312637a","line":23,"range":{"start_line":23,"start_character":61,"end_line":23,"end_character":70},"in_reply_to":"bbf95013_1e2da441","updated":"2022-12-02 11:36:16.000000000","message":"Fixed","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"126cdee7ac9f010669d3e0ed78507c4c1666a29f","unresolved":true,"context_lines":[{"line_number":35,"context_line":"Use Cases"},{"line_number":36,"context_line":"---------"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"As a developer, I want to have a fined tuned method for acquiring root rights."},{"line_number":39,"context_line":"As an admin, I want Nova to use root as little as possible."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3ba1dddf_74d738c9","line":38,"range":{"start_line":38,"start_character":66,"end_line":38,"end_character":70},"updated":"2022-12-01 11:34:14.000000000","message":"Technically this is not correct; we don\u0027t acquire root rights. 
We spawn a daemon that has elevated privileges, but we use the Linux capabilities framework to restrict what those are.\n\nrootwrap was the predecessor that was full root but restricted to a set of predetermined commands.\n\nThose are two very different security models.","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"abe05e3e75061f68ee35e84cb665ee72f9d3b49e","unresolved":true,"context_lines":[{"line_number":35,"context_line":"Use Cases"},{"line_number":36,"context_line":"---------"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"As a developer, I want to have a fined tuned method for acquiring root rights."},{"line_number":39,"context_line":"As an admin, I want Nova to use root as little as possible."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":5,"id":"8ce0cd1b_daa48979","line":38,"range":{"start_line":38,"start_character":66,"end_line":38,"end_character":70},"in_reply_to":"3ba1dddf_74d738c9","updated":"2022-12-02 11:36:16.000000000","message":"I have replaced it with \u0027acquiring capabilities\u0027 then. 
I believe it fits better now.","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":35,"context_line":"Use Cases"},{"line_number":36,"context_line":"---------"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"As a developer, I want to have a fined tuned method for acquiring root rights."},{"line_number":39,"context_line":"As an admin, I want Nova to use root as little as possible."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":5,"id":"e3e9c34a_d8552b6c","line":38,"range":{"start_line":38,"start_character":66,"end_line":38,"end_character":70},"in_reply_to":"8ce0cd1b_daa48979","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"126cdee7ac9f010669d3e0ed78507c4c1666a29f","unresolved":true,"context_lines":[{"line_number":45,"context_line":"``nova.privsep``. First step is to study and map each with the capabilities"},{"line_number":46,"context_line":"they require. 
Next, a set of profiles can be defined for common use cases,"},{"line_number":47,"context_line":"such as network or system rights, and cover with them as much as possible."},{"line_number":48,"context_line":"For the rest, a custom per case profile will need to be defined."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"Profiles are defined under the ``__init__.py`` package module, while"},{"line_number":51,"context_line":"consuming functions are distributed through the rest."}],"source_content_type":"text/x-rst","patch_set":5,"id":"213ebdff_3cc645ec","line":48,"range":{"start_line":48,"start_character":0,"end_line":48,"end_character":64},"updated":"2022-12-01 11:34:14.000000000","message":"We cannot do this.\n\nEach privsep context maps to an instance of the privsep daemon\nthat consumes memory, so while we can have a few contexts we can\u0027t have many contexts.\n\nIf we have a function that needs both netadmin and sysadmin, that should ideally be separated into two functions.\n\nIf it can\u0027t be, then the current context that provides the system, network and file capabilities should be used until we can come up with a better solution.\n\n\nCurrently we have 1 context for nova. After this spec we should have 4, but no more than that.","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"abe05e3e75061f68ee35e84cb665ee72f9d3b49e","unresolved":true,"context_lines":[{"line_number":45,"context_line":"``nova.privsep``. First step is to study and map each with the capabilities"},{"line_number":46,"context_line":"they require. 
Next, a set of profiles can be defined for common use cases,"},{"line_number":47,"context_line":"such as network or system rights, and cover with them as much as possible."},{"line_number":48,"context_line":"For the rest, a custom per case profile will need to be defined."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"Profiles are defined under the ``__init__.py`` package module, while"},{"line_number":51,"context_line":"consuming functions are distributed through the rest."}],"source_content_type":"text/x-rst","patch_set":5,"id":"f8504eed_1782d036","line":48,"range":{"start_line":48,"start_character":0,"end_line":48,"end_character":64},"in_reply_to":"213ebdff_3cc645ec","updated":"2022-12-02 11:36:16.000000000","message":"I have adapted the paragraph to your comments and also added another one detailing that we are limited in the number of profiles.","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":45,"context_line":"``nova.privsep``. First step is to study and map each with the capabilities"},{"line_number":46,"context_line":"they require. 
Next, a set of profiles can be defined for common use cases,"},{"line_number":47,"context_line":"such as network or system rights, and cover with them as much as possible."},{"line_number":48,"context_line":"For the rest, a custom per case profile will need to be defined."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"Profiles are defined under the ``__init__.py`` package module, while"},{"line_number":51,"context_line":"consuming functions are distributed through the rest."}],"source_content_type":"text/x-rst","patch_set":5,"id":"38a3468d_892dacba","line":48,"range":{"start_line":48,"start_character":0,"end_line":48,"end_character":64},"in_reply_to":"f8504eed_1782d036","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"126cdee7ac9f010669d3e0ed78507c4c1666a29f","unresolved":true,"context_lines":[{"line_number":53,"context_line":"For the sake of improving usability, shared code found across the package\u0027s"},{"line_number":54,"context_line":"functions should be extracted into their own, unmarked as privileged. This"},{"line_number":55,"context_line":"will provide developers with two entry points to the executed underlying"},{"line_number":56,"context_line":"commands: one specialized that runs under privsep and another more generic one"},{"line_number":57,"context_line":"that does not. 
This adds flexibility as the developer gets the choice to"},{"line_number":58,"context_line":"whether request elevated rights to run a command or not."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":5,"id":"b523b6aa_eee9865c","line":57,"range":{"start_line":56,"start_character":9,"end_line":57,"end_character":14},"updated":"2022-12-01 11:34:14.000000000","message":"That\u0027s not quite how it should work.\n\n\nWe should have generic functions with wide contracts that are not privileged,\nand specific functions with narrow contracts that are privileged.\n\ne.g.\n\nimport os\nimport shutil\n\ndef write_file(path, data, mode):\n  # unprivileged function that can write any data to any location if the current user has permission to do so\n  ...\n  \ndef chown(path, user, group):\n  # os.chown() wants numeric ids; shutil.chown() accepts names\n  shutil.chown(path, user, group)\n  \n@privsep_file_context\ndef privileged_write_tpm_data(instance_uuid: str, data: str):\n   if not util.is_uuid(instance_uuid):\n     raise ValueError(\"the instance uuid is not a valid uuid\")\n   path \u003d os.path.join(CONF.instance_state, instance_uuid, \"tpm_data.txt\")\n   write_file(path, data, 0o600)\n   chown(path, \"qemu\", \"qemu\")\n   \n   \nwrite_file has a broad contract because it can take any path and any data or mode.\nprivileged_write_tpm_data has a narrow contract because it only accepts the minimum input that is required for it to work, in this case the instance uuid and the tpm data.\n\nThe path is generated internally so the privileged function cannot be used to write to an arbitrary location. 
The privileged function can validate its inputs to make sure they conform to the narrow contract and raise an exception without needing to embed that knowledge in the generic function.\n\nIt\u0027s also important that the write_file and chown functions are separate.\nCreating a file with a specific mode and data is a separate operation from changing the owner.\n\nIf we are creating a file as the current user, that write_file method can be used from an unprivileged function. We only need to do the privilege escalation if we are creating it as another user or overwriting a file our current user does not own.\n\nThe other important thing is we do not want to have a privileged and unprivileged version of every function that a developer will choose from.\n\nThere should be a single version of the unprivileged function that is reused,\nand then if you need to escalate privileges you should create a privileged_ function in the module where it is to be used. Ideally those would not be imported into other modules because they should be targeted/small enough that they don\u0027t really have common reusable code.\n\nBy the way, I can\u0027t actually spell privileged consistently or correctly, so assume it\u0027s incorrect any time I type it and spell it properly :)","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"abe05e3e75061f68ee35e84cb665ee72f9d3b49e","unresolved":true,"context_lines":[{"line_number":53,"context_line":"For the sake of improving usability, shared code found across the package\u0027s"},{"line_number":54,"context_line":"functions should be extracted into their own, unmarked as privileged. 
This"},{"line_number":55,"context_line":"will provide developers with two entry points to the executed underlying"},{"line_number":56,"context_line":"commands: one specialized that runs under privsep and another more generic one"},{"line_number":57,"context_line":"that does not. This adds flexibility as the developer gets the choice to"},{"line_number":58,"context_line":"whether request elevated rights to run a command or not."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":5,"id":"f760005a_5c56ec92","line":57,"range":{"start_line":56,"start_character":9,"end_line":57,"end_character":14},"in_reply_to":"b523b6aa_eee9865c","updated":"2022-12-02 11:36:16.000000000","message":"Yes, I did not get this the first time around. It is a good idea to have simple utility functions from which to build the specialized ones. I have rewritten the paragraph to reflect this.\n\nThanks a lot for your comments.","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":53,"context_line":"For the sake of improving usability, shared code found across the package\u0027s"},{"line_number":54,"context_line":"functions should be extracted into their own, unmarked as privileged. This"},{"line_number":55,"context_line":"will provide developers with two entry points to the executed underlying"},{"line_number":56,"context_line":"commands: one specialized that runs under privsep and another more generic one"},{"line_number":57,"context_line":"that does not. 
This adds flexibility as the developer gets the choice to"},{"line_number":58,"context_line":"whether request elevated rights to run a command or not."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":5,"id":"37853204_970fce8f","line":57,"range":{"start_line":56,"start_character":9,"end_line":57,"end_character":14},"in_reply_to":"f760005a_5c56ec92","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"b85533972f060c4d4b4cc4ef4e45ae865f1f9b96"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":true,"context_lines":[{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Nova compute services use the oslo-privsep library to obtain elevated"},{"line_number":24,"context_line":"privileges on the host system with the intention of invoking commands on"},{"line_number":25,"context_line":"it."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Thing is, current usage of the library by Nova does not follow good practices."},{"line_number":28,"context_line":"A single permission profile is shared by all functions that make use of the"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3db12e6b_28827baf","line":25,"range":{"start_line":24,"start_character":30,"end_line":25,"end_character":3},"updated":"2022-12-15 09:35:35.000000000","message":"This is not actually the intention.\n\nWe sometimes obtain elevated permissions to invoke commands with those permissions.\n\nIdeally we would never invoke a command; we use privsep to invoke Python functions. 
Nova functions and library functions are preferred over commands for multiple reasons, one being restricting our dependencies.\n\n\nSo for example write_file might look like this:\n\n```\ndef write_file(path: str, data: str \u003d \u0027\u0027, mode: str \u003d \u0027w\u0027) -\u003e None:\n    try:\n        with open(path, mode\u003dmode) as fd:\n            fd.write(data)\n    except (OSError, ValueError) as e:\n        LOG.debug(e)\n```     \n\nWe are using Python\u0027s open function to open the file and get a file descriptor, \nand then the write function to write the data via that file descriptor.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Nova compute services use the oslo-privsep library to obtain elevated"},{"line_number":24,"context_line":"privileges on the host system with the intention of invoking commands on"},{"line_number":25,"context_line":"it."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Thing is, current usage of the library by Nova does not follow good practices."},{"line_number":28,"context_line":"A single permission profile is shared by all functions that make use of the"}],"source_content_type":"text/x-rst","patch_set":6,"id":"4159102a_fdfb935d","line":25,"range":{"start_line":24,"start_character":30,"end_line":25,"end_character":3},"in_reply_to":"2613e01c_6ce312cc","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San 
Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"04414f314a136cb492c8fa445df065f408bb06a9","unresolved":true,"context_lines":[{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Nova compute services use the oslo-privsep library to obtain elevated"},{"line_number":24,"context_line":"privileges on the host system with the intention of invoking commands on"},{"line_number":25,"context_line":"it."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Thing is, current usage of the library by Nova does not follow good practices."},{"line_number":28,"context_line":"A single permission profile is shared by all functions that make use of the"}],"source_content_type":"text/x-rst","patch_set":6,"id":"2613e01c_6ce312cc","line":25,"range":{"start_line":24,"start_character":30,"end_line":25,"end_character":3},"in_reply_to":"3db12e6b_28827baf","updated":"2022-12-16 13:41:19.000000000","message":"Done.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":true,"context_lines":[{"line_number":24,"context_line":"privileges on the host system with the intention of invoking commands on"},{"line_number":25,"context_line":"it."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Thing is, current usage of the library by Nova does not follow good practices."},{"line_number":28,"context_line":"A single permission profile is shared by all functions that make use of the"},{"line_number":29,"context_line":"library, and this one aggregates all capabilities required by the entirety of"},{"line_number":30,"context_line":"them. 
This means that because of a function that operates over files, another"},{"line_number":31,"context_line":"one that does nothing over them will get rights over the filesystem as their"},{"line_number":32,"context_line":"profile is shared. This may lead to unexpected behaviors on the system that"},{"line_number":33,"context_line":"can be avoided if just enough capabilities are used on each case."},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"Use Cases"},{"line_number":36,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"35c42729_9060d2ad","line":33,"range":{"start_line":27,"start_character":0,"end_line":33,"end_character":65},"updated":"2022-12-15 09:35:35.000000000","message":"Current usage of Privsep by Nova follows the best practices that were recommended by\nthe privsep lib when it was first created: 1. create a dedicated module for privileged functions, 2. create a single context and restrict its usage to that module, 3. \nlimit the scope of privileged functions and reuse them from non-privileged code.\n\nBased on usage of the lib over the years it has become clear that this approach is\nneither secure nor desirable to continue. In the current design a single permission profile is shared by all functions that make use of the library, and this one aggregates all capabilities required by the entirety of privileged functions.\n\nThis means that because of a function that operates over files, another\none that does nothing over them will get rights over the filesystem as their\nprofile is shared. 
This may lead to unexpected behaviors on the system that\ncan be avoided if just enough capabilities are used on each case.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"04414f314a136cb492c8fa445df065f408bb06a9","unresolved":true,"context_lines":[{"line_number":24,"context_line":"privileges on the host system with the intention of invoking commands on"},{"line_number":25,"context_line":"it."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Thing is, current usage of the library by Nova does not follow good practices."},{"line_number":28,"context_line":"A single permission profile is shared by all functions that make use of the"},{"line_number":29,"context_line":"library, and this one aggregates all capabilities required by the entirety of"},{"line_number":30,"context_line":"them. This means that because of a function that operates over files, another"},{"line_number":31,"context_line":"one that does nothing over them will get rights over the filesystem as their"},{"line_number":32,"context_line":"profile is shared. 
This may lead to unexpected behaviors on the system that"},{"line_number":33,"context_line":"can be avoided if just enough capabilities are used on each case."},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"Use Cases"},{"line_number":36,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"89ee8cf7_d94f31f6","line":33,"range":{"start_line":27,"start_character":0,"end_line":33,"end_character":65},"in_reply_to":"35c42729_9060d2ad","updated":"2022-12-16 13:41:19.000000000","message":"Done.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":24,"context_line":"privileges on the host system with the intention of invoking commands on"},{"line_number":25,"context_line":"it."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Thing is, current usage of the library by Nova does not follow good practices."},{"line_number":28,"context_line":"A single permission profile is shared by all functions that make use of the"},{"line_number":29,"context_line":"library, and this one aggregates all capabilities required by the entirety of"},{"line_number":30,"context_line":"them. This means that because of a function that operates over files, another"},{"line_number":31,"context_line":"one that does nothing over them will get rights over the filesystem as their"},{"line_number":32,"context_line":"profile is shared. 
This may lead to unexpected behaviors on the system that"},{"line_number":33,"context_line":"can be avoided if just enough capabilities are used on each case."},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"Use Cases"},{"line_number":36,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"607bc6b5_25248cd7","line":33,"range":{"start_line":27,"start_character":0,"end_line":33,"end_character":65},"in_reply_to":"89ee8cf7_d94f31f6","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":true,"context_lines":[{"line_number":41,"context_line":"Proposed change"},{"line_number":42,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Considering that all functions that use the privsep library are found under"},{"line_number":45,"context_line":"``nova.privsep``. First step is to study and map each with the capabilities"},{"line_number":46,"context_line":"they require. 
Next, a set of profiles can be defined for common use cases,"},{"line_number":47,"context_line":"such as network or system rights, and cover with them as much as possible."}],"source_content_type":"text/x-rst","patch_set":6,"id":"a63ac48d_a301000b","line":44,"range":{"start_line":44,"start_character":0,"end_line":44,"end_character":11},"updated":"2022-12-15 09:35:35.000000000","message":"Given","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":41,"context_line":"Proposed change"},{"line_number":42,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Considering that all functions that use the privsep library are found under"},{"line_number":45,"context_line":"``nova.privsep``. First step is to study and map each with the capabilities"},{"line_number":46,"context_line":"they require. 
Next, a set of profiles can be defined for common use cases,"},{"line_number":47,"context_line":"such as network or system rights, and cover with them as much as possible."}],"source_content_type":"text/x-rst","patch_set":6,"id":"17d02a45_57f6cc7a","line":44,"range":{"start_line":44,"start_character":0,"end_line":44,"end_character":11},"in_reply_to":"16ebc57a_5c57cb97","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"04414f314a136cb492c8fa445df065f408bb06a9","unresolved":true,"context_lines":[{"line_number":41,"context_line":"Proposed change"},{"line_number":42,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Considering that all functions that use the privsep library are found under"},{"line_number":45,"context_line":"``nova.privsep``. First step is to study and map each with the capabilities"},{"line_number":46,"context_line":"they require. 
Next, a set of profiles can be defined for common use cases,"},{"line_number":47,"context_line":"such as network or system rights, and cover with them as much as possible."}],"source_content_type":"text/x-rst","patch_set":6,"id":"16ebc57a_5c57cb97","line":44,"range":{"start_line":44,"start_character":0,"end_line":44,"end_character":11},"in_reply_to":"a63ac48d_a301000b","updated":"2022-12-16 13:41:19.000000000","message":"Changed.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":true,"context_lines":[{"line_number":48,"context_line":"The rest will have to be divided into smaller functions that do fit into one"},{"line_number":49,"context_line":"of those profiles. If that is not possible, then the current all-capable"},{"line_number":50,"context_line":"profile will need to be kept for them until a better solution is found."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Profiles are defined under the ``__init__.py`` package module, while"},{"line_number":53,"context_line":"consuming functions are distributed through the rest."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"Each newly defined profile will spawn a daemon that consumes resources on the"},{"line_number":56,"context_line":"host. 
For such reason, no more than 4 profiles may be defined at a single time"}],"source_content_type":"text/x-rst","patch_set":6,"id":"c56bfea9_c39e8bbd","line":53,"range":{"start_line":51,"start_character":0,"end_line":53,"end_character":53},"updated":"2022-12-15 09:35:35.000000000","message":"Privsep profiles will be defined in https://github.com/openstack/nova/blob/master/nova/__init__.py\n\n```\nfrom oslo_privsep import capabilities\nfrom oslo_privsep import priv_context\n\nlegacy_pctxt \u003d priv_context.PrivContext(\n    \u0027nova\u0027,\n    cfg_section\u003d\u0027nova_sys_admin\u0027,\n    pypath\u003d__name__ + \u0027.legacy_pctxt\u0027,\n    capabilities\u003d[capabilities.CAP_CHOWN,\n                  capabilities.CAP_DAC_OVERRIDE,\n                  capabilities.CAP_DAC_READ_SEARCH,\n                  capabilities.CAP_FOWNER,\n                  capabilities.CAP_NET_ADMIN,\n                  capabilities.CAP_SYS_ADMIN],\n)\n\nsys_admin_pctxt \u003d priv_context.PrivContext(\n    \u0027nova\u0027,\n    cfg_section\u003d\u0027privsep_sys_admin\u0027,\n    pypath\u003d__name__ + \u0027.sys_admin_pctxt\u0027,\n    capabilities\u003d[capabilities.CAP_SYS_ADMIN],\n)\n\nnet_admin_pctxt \u003d priv_context.PrivContext(\n    \u0027nova\u0027,\n    cfg_section\u003d\u0027privsep_net_admin\u0027,\n    pypath\u003d__name__ + \u0027.net_admin_pctxt\u0027,\n    capabilities\u003d[capabilities.CAP_NET_ADMIN],\n)\n\nfile_admin_pctxt \u003d priv_context.PrivContext(\n    \u0027nova\u0027,\n    cfg_section\u003d\u0027privsep_file_admin\u0027,\n    pypath\u003d__name__ + \u0027.file_admin_pctxt\u0027,\n    capabilities\u003d[capabilities.CAP_CHOWN,\n                  capabilities.CAP_DAC_OVERRIDE,\n                  capabilities.CAP_DAC_READ_SEARCH,\n                  capabilities.CAP_FOWNER],\n)\n```\n\nplease add the above to the spec.\n\ni have taken care to make sure that the config sections do not conflict with existing config sections and that the legacy policy uses the old config 
section.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"24a675485844e379122a3e542ac5208dd1d86651","unresolved":true,"context_lines":[{"line_number":48,"context_line":"The rest will have to be divided into smaller functions that do fit into one"},{"line_number":49,"context_line":"of those profiles. If that is not possible, then the current all-capable"},{"line_number":50,"context_line":"profile will need to be kept for them until a better solution is found."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Profiles are defined under the ``__init__.py`` package module, while"},{"line_number":53,"context_line":"consuming functions are distributed through the rest."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"Each newly defined profile will spawn a daemon that consumes resources on the"},{"line_number":56,"context_line":"host. For such reason, no more than 4 profiles may be defined at a single time"}],"source_content_type":"text/x-rst","patch_set":6,"id":"4d4a9d93_63c119ee","line":53,"range":{"start_line":51,"start_character":0,"end_line":53,"end_character":53},"in_reply_to":"264d8d61_81753eb3","updated":"2022-12-19 11:26:00.000000000","message":"Ok, updated following your advice then.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"867f4445a020fd3da7f6829e48c5d4a90178983a","unresolved":false,"context_lines":[{"line_number":48,"context_line":"The rest will have to be divided into smaller functions that do fit into one"},{"line_number":49,"context_line":"of those profiles. 
If that is not possible, then the current all-capable"},{"line_number":50,"context_line":"profile will need to be kept for them until a better solution is found."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Profiles are defined under the ``__init__.py`` package module, while"},{"line_number":53,"context_line":"consuming functions are distributed through the rest."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"Each newly defined profile will spawn a daemon that consumes resources on the"},{"line_number":56,"context_line":"host. For such reason, no more than 4 profiles may be defined at a single time"}],"source_content_type":"text/x-rst","patch_set":6,"id":"54799706_38e402c3","line":53,"range":{"start_line":51,"start_character":0,"end_line":53,"end_character":53},"in_reply_to":"4d4a9d93_63c119ee","updated":"2022-12-19 12:07:49.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":true,"context_lines":[{"line_number":48,"context_line":"The rest will have to be divided into smaller functions that do fit into one"},{"line_number":49,"context_line":"of those profiles. If that is not possible, then the current all-capable"},{"line_number":50,"context_line":"profile will need to be kept for them until a better solution is found."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Profiles are defined under the ``__init__.py`` package module, while"},{"line_number":53,"context_line":"consuming functions are distributed through the rest."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"Each newly defined profile will spawn a daemon that consumes resources on the"},{"line_number":56,"context_line":"host. 
For such reason, no more than 4 profiles may be defined at a single time"}],"source_content_type":"text/x-rst","patch_set":6,"id":"264d8d61_81753eb3","line":53,"range":{"start_line":51,"start_character":0,"end_line":53,"end_character":53},"in_reply_to":"52eb08af_ec30dbfe","updated":"2022-12-16 17:49:19.000000000","message":"yes, they should be eventually; the nova/privsep module should be removed entirely.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"04414f314a136cb492c8fa445df065f408bb06a9","unresolved":true,"context_lines":[{"line_number":48,"context_line":"The rest will have to be divided into smaller functions that do fit into one"},{"line_number":49,"context_line":"of those profiles. If that is not possible, then the current all-capable"},{"line_number":50,"context_line":"profile will need to be kept for them until a better solution is found."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Profiles are defined under the ``__init__.py`` package module, while"},{"line_number":53,"context_line":"consuming functions are distributed through the rest."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"Each newly defined profile will spawn a daemon that consumes resources on the"},{"line_number":56,"context_line":"host. For such reason, no more than 4 profiles may be defined at a single time"}],"source_content_type":"text/x-rst","patch_set":6,"id":"52eb08af_ec30dbfe","line":53,"range":{"start_line":51,"start_character":0,"end_line":53,"end_character":53},"in_reply_to":"c56bfea9_c39e8bbd","updated":"2022-12-16 13:41:19.000000000","message":"Will the new profiles be defined on the upmost \u0027__init__.py\u0027 file instead of the one under \u0027nova/privsep\u0027 like it is now? 
I found that kind of striking.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"9c89f7fac1def194ac5b13e4a23d8ebfa01fb146","unresolved":false,"context_lines":[{"line_number":53,"context_line":"consuming functions are distributed through the rest."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"Each newly defined profile will spawn a daemon that consumes resources on the"},{"line_number":56,"context_line":"host. For such reason, no more than 4 profiles may be defined at a single time"},{"line_number":57,"context_line":"to avoid over encumbering it."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"For the sake of improving usability, shared code found across the package\u0027s"},{"line_number":60,"context_line":"functions should be extracted into their own, unmarked as privileged. These"}],"source_content_type":"text/x-rst","patch_set":6,"id":"9b049efd_2f254b95","line":57,"range":{"start_line":56,"start_character":6,"end_line":57,"end_character":29},"updated":"2022-12-14 17:50:31.000000000","message":"++","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":true,"context_lines":[{"line_number":56,"context_line":"host. For such reason, no more than 4 profiles may be defined at a single time"},{"line_number":57,"context_line":"to avoid over encumbering it."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"For the sake of improving usability, shared code found across the package\u0027s"},{"line_number":60,"context_line":"functions should be extracted into their own, unmarked as privileged. 
These"},{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. By using those, functions relying on privsep will then be specialized"}],"source_content_type":"text/x-rst","patch_set":6,"id":"f1aa9d28_8c5950b9","line":60,"range":{"start_line":59,"start_character":0,"end_line":60,"end_character":68},"updated":"2022-12-15 09:35:35.000000000","message":"For the sake of improving usability, shared code found across the package\u0027s\nfunctions should be extracted into their own, unprivileged functions with broad\ncontracts.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"9c89f7fac1def194ac5b13e4a23d8ebfa01fb146","unresolved":true,"context_lines":[{"line_number":56,"context_line":"host. For such reason, no more than 4 profiles may be defined at a single time"},{"line_number":57,"context_line":"to avoid over encumbering it."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"For the sake of improving usability, shared code found across the package\u0027s"},{"line_number":60,"context_line":"functions should be extracted into their own, unmarked as privileged. These"},{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. 
By using those, functions relying on privsep will then be specialized"}],"source_content_type":"text/x-rst","patch_set":6,"id":"691ef69e_22a305ed","line":60,"range":{"start_line":59,"start_character":0,"end_line":60,"end_character":69},"updated":"2022-12-14 17:50:31.000000000","message":"Technically, they should no longer reside in the nova.privsep package, but for an interim period of time, we could let them be there.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":56,"context_line":"host. For such reason, no more than 4 profiles may be defined at a single time"},{"line_number":57,"context_line":"to avoid over encumbering it."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"For the sake of improving usability, shared code found across the package\u0027s"},{"line_number":60,"context_line":"functions should be extracted into their own, unmarked as privileged. These"},{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. 
By using those, functions relying on privsep will then be specialized"}],"source_content_type":"text/x-rst","patch_set":6,"id":"13ed9062_b157ee3a","line":60,"range":{"start_line":59,"start_character":0,"end_line":60,"end_character":68},"in_reply_to":"2c0a0842_b8d566ec","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":56,"context_line":"host. For such reason, no more than 4 profiles may be defined at a single time"},{"line_number":57,"context_line":"to avoid over encumbering it."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"For the sake of improving usability, shared code found across the package\u0027s"},{"line_number":60,"context_line":"functions should be extracted into their own, unmarked as privileged. These"},{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. By using those, functions relying on privsep will then be specialized"}],"source_content_type":"text/x-rst","patch_set":6,"id":"bda4bec2_d02a6767","line":60,"range":{"start_line":59,"start_character":0,"end_line":60,"end_character":69},"in_reply_to":"691ef69e_22a305ed","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"04414f314a136cb492c8fa445df065f408bb06a9","unresolved":true,"context_lines":[{"line_number":56,"context_line":"host. 
For such reason, no more than 4 profiles may be defined at a single time"},{"line_number":57,"context_line":"to avoid over encumbering it."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"For the sake of improving usability, shared code found across the package\u0027s"},{"line_number":60,"context_line":"functions should be extracted into their own, unmarked as privileged. These"},{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. By using those, functions relying on privsep will then be specialized"}],"source_content_type":"text/x-rst","patch_set":6,"id":"2c0a0842_b8d566ec","line":60,"range":{"start_line":59,"start_character":0,"end_line":60,"end_character":68},"in_reply_to":"f1aa9d28_8c5950b9","updated":"2022-12-16 13:41:19.000000000","message":"Done.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":true,"context_lines":[{"line_number":60,"context_line":"functions should be extracted into their own, unmarked as privileged. These"},{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. By using those, functions relying on privsep will then be specialized"},{"line_number":64,"context_line":"for a single use case. 
For example, \u0027write_tpm_data\u0027 requires file capabilities"},{"line_number":65,"context_line":"and will be composed from generic \u0027echo\u0027 and \u0027chown\u0027 actions."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":6,"id":"314caddc_12a9eb6f","line":64,"range":{"start_line":63,"start_character":6,"end_line":64,"end_character":21},"updated":"2022-12-15 09:35:35.000000000","message":"When elevated permissions are required, specialized single use functions with a narrow contract will be defined using one of the new privsep contexts.\nThese functions will be defined in the module that uses them and will contain privileged in the name. Privileged functions should only be used in a single module and only be imported in unit tests.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"04414f314a136cb492c8fa445df065f408bb06a9","unresolved":true,"context_lines":[{"line_number":60,"context_line":"functions should be extracted into their own, unmarked as privileged. These"},{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. By using those, functions relying on privsep will then be specialized"},{"line_number":64,"context_line":"for a single use case. 
For example, \u0027write_tpm_data\u0027 requires file capabilities"},{"line_number":65,"context_line":"and will be composed from generic \u0027echo\u0027 and \u0027chown\u0027 actions."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":6,"id":"e36af9d7_089a8675","line":64,"range":{"start_line":63,"start_character":6,"end_line":64,"end_character":21},"in_reply_to":"314caddc_12a9eb6f","updated":"2022-12-16 13:41:19.000000000","message":"Done.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":60,"context_line":"functions should be extracted into their own, unmarked as privileged. These"},{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. By using those, functions relying on privsep will then be specialized"},{"line_number":64,"context_line":"for a single use case. 
For example, \u0027write_tpm_data\u0027 requires file capabilities"},{"line_number":65,"context_line":"and will be composed from generic \u0027echo\u0027 and \u0027chown\u0027 actions."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":6,"id":"01b8d5ee_e913876f","line":64,"range":{"start_line":63,"start_character":6,"end_line":64,"end_character":21},"in_reply_to":"e36af9d7_089a8675","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":true,"context_lines":[{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. By using those, functions relying on privsep will then be specialized"},{"line_number":64,"context_line":"for a single use case. For example, \u0027write_tpm_data\u0027 requires file capabilities"},{"line_number":65,"context_line":"and will be composed from generic \u0027echo\u0027 and \u0027chown\u0027 actions."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"Alternatives"},{"line_number":68,"context_line":"------------"},{"line_number":69,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"aef026e9_f8cfddf5","line":66,"range":{"start_line":64,"start_character":23,"end_line":66,"end_character":0},"updated":"2022-12-15 09:35:35.000000000","message":"i know that this is an example but just to be clear, nova tries to never call command line utilities when there are python lib alternatives.\n\nso nova should never actully use echo. 
when i was referring to chown previously that was not the chown command, it was the os.chown function https://docs.python.org/3/library/os.html#os.chown\n\n\n\nso write_tpm_data would look like this\n\n```\n# in nova/common/filesystem.py\nimport logging\nimport shutil\nimport typing as ty\n\nLOG \u003d logging.getLogger(__name__)\n\n\ndef write_file(path: str, data: ty.Union[str, bytes] \u003d None, mode: str \u003d \u0027w\u0027) -\u003e ty.Optional[str]:\n    # honour the caller\u0027s mode so binary writes (\u0027wb\u0027) work\n    try:\n        with open(path, mode\u003dmode) as fd:\n            fd.write(data)\n    except (OSError, ValueError) as e:\n        LOG.debug(e)\n        raise\n\n\ndef chown_file(path: str, usr: str \u003d None, grp: str \u003d None) -\u003e ty.Optional[str]:\n    try:\n        shutil.chown(path, user\u003dusr, group\u003dgrp)\n    except (OSError, ValueError) as e:\n        LOG.debug(e)\n        raise\n\n# in nova/virt/libvirt/driver.py\nimport os\n\nfrom oslo_utils import uuidutils\n\nimport nova\nfrom nova.common import filesystem as fs\n...\n\n@nova.file_admin_pctxt.entrypoint\ndef write_tpm_data_privileged(instance: str, tpm_data: bytes) -\u003e ty.Optional[str]:\n    # reject anything that is not a uuid so the joined path stays inside the state dir\n    if not uuidutils.is_uuid_like(instance):\n        raise ValueError(f\"instance: {instance} is not a valid uuid\")\n    path \u003d os.path.join(CONF.instance_state_dir, instance)\n    try:\n        fs.write_file(path, data\u003dtpm_data, mode\u003d\u0027wb\u0027)\n        fs.chown_file(path, \"nova\", \"qemu\")\n    except (OSError, ValueError) as e:\n        LOG.debug(e)\n        # do not swallow a failed privileged write; let the caller see it\n        raise\n```\n\ncan you include this example as written above.\nIt demonstrates the usage of the new context and the best practice.\n\nwrite_tpm_data_privileged has a narrow contract, the instance uuid and the binary data. the location of the tpm data is computed in the privileged function.\nthe fact it\u0027s privileged is denoted in the name. the input is validated so that the computed path is valid and the instance parameter cannot be abused. 
finally the common code is in a common location and the elevated code is in the file that required that permission.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. By using those, functions relying on privsep will then be specialized"},{"line_number":64,"context_line":"for a single use case. For example, \u0027write_tpm_data\u0027 requires file capabilities"},{"line_number":65,"context_line":"and will be composed from generic \u0027echo\u0027 and \u0027chown\u0027 actions."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"Alternatives"},{"line_number":68,"context_line":"------------"},{"line_number":69,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"64c86900_ba121e55","line":66,"range":{"start_line":64,"start_character":23,"end_line":66,"end_character":0},"in_reply_to":"89d8287f_18c754d9","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"04414f314a136cb492c8fa445df065f408bb06a9","unresolved":true,"context_lines":[{"line_number":61,"context_line":"shared functions will take care of performing more generic actions, like"},{"line_number":62,"context_line":"\u0027chown\u0027 or \u0027mkdir\u0027, that may not require more than the user\u0027s rights to be"},{"line_number":63,"context_line":"done. 
By using those, functions relying on privsep will then be specialized"},{"line_number":64,"context_line":"for a single use case. For example, \u0027write_tpm_data\u0027 requires file capabilities"},{"line_number":65,"context_line":"and will be composed from generic \u0027echo\u0027 and \u0027chown\u0027 actions."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"Alternatives"},{"line_number":68,"context_line":"------------"},{"line_number":69,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"89d8287f_18c754d9","line":66,"range":{"start_line":64,"start_character":23,"end_line":66,"end_character":0},"in_reply_to":"aef026e9_f8cfddf5","updated":"2022-12-16 13:41:19.000000000","message":"Done.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"9c89f7fac1def194ac5b13e4a23d8ebfa01fb146","unresolved":true,"context_lines":[{"line_number":103,"context_line":"Other deployer impact"},{"line_number":104,"context_line":"---------------------"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"The change has immediate effect once merged."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"Developer impact"},{"line_number":109,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"e17ea43c_ade930e2","line":106,"updated":"2022-12-14 17:50:31.000000000","message":"nit: just \u0027None\u0027 is enough.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"867f4445a020fd3da7f6829e48c5d4a90178983a","unresolved":false,"context_lines":[{"line_number":103,"context_line":"Other deployer 
impact"},{"line_number":104,"context_line":"---------------------"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"The change has immediate effect once merged."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"Developer impact"},{"line_number":109,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"8b43ec1d_14a31731","line":106,"in_reply_to":"4125a99c_70a53a87","updated":"2022-12-19 12:07:49.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"04414f314a136cb492c8fa445df065f408bb06a9","unresolved":true,"context_lines":[{"line_number":103,"context_line":"Other deployer impact"},{"line_number":104,"context_line":"---------------------"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"The change has immediate effect once merged."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"Developer impact"},{"line_number":109,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"cb98188f_059cd5e0","line":106,"in_reply_to":"bff43602_c7fe5c26","updated":"2022-12-16 13:41:19.000000000","message":"I understand that this is referring to the privsep daemons and that they need configuring, right?","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":true,"context_lines":[{"line_number":103,"context_line":"Other deployer impact"},{"line_number":104,"context_line":"---------------------"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"The change has immediate effect once 
merged."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"Developer impact"},{"line_number":109,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"f4687ec8_497813cd","line":106,"in_reply_to":"cb98188f_059cd5e0","updated":"2022-12-16 17:49:19.000000000","message":"only if you don\u0027t use the defaults.\n\nbasically we default to use sudo to elevate privileges.\n\nsome distros, i think possibly suse, did not ship sudo in their openstack product by default so if your company or distro differs from the defaults then you need to account for that on upgrade.\n\n\nour docs don\u0027t really render it properly but there are separate privsep options per context \nhttps://docs.openstack.org/nova/latest/configuration/config.html#privsep","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":true,"context_lines":[{"line_number":103,"context_line":"Other deployer impact"},{"line_number":104,"context_line":"---------------------"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"The change has immediate effect once merged."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"Developer impact"},{"line_number":109,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"bff43602_c7fe5c26","line":106,"in_reply_to":"e17ea43c_ade930e2","updated":"2022-12-15 09:35:35.000000000","message":"Each context has its own set of config options to parameterise how privsep is run.\nfor operators that customise their deployment they will need to be aware that this needs to be done for each context.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San 
Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"24a675485844e379122a3e542ac5208dd1d86651","unresolved":true,"context_lines":[{"line_number":103,"context_line":"Other deployer impact"},{"line_number":104,"context_line":"---------------------"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"The change has immediate effect once merged."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"Developer impact"},{"line_number":109,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"4125a99c_70a53a87","line":106,"in_reply_to":"f4687ec8_497813cd","updated":"2022-12-19 11:26:00.000000000","message":"Cool, updated following this.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"476060f0f41e8490376be847bf0b53912f34ae9f","unresolved":true,"context_lines":[{"line_number":138,"context_line":"  each need."},{"line_number":139,"context_line":"* Define profiles for functions that share a common context, i.e.: run a system"},{"line_number":140,"context_line":"  command, modify network settings..."},{"line_number":141,"context_line":"* Define by-case profiles for functions that were not covered by the general"},{"line_number":142,"context_line":"  ones."},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Dependencies"},{"line_number":145,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"02c6c54c_9fa21922","line":142,"range":{"start_line":141,"start_character":2,"end_line":142,"end_character":7},"updated":"2022-12-15 09:35:35.000000000","message":"this should be deleted.\n\ni have provided the 4 initial contexts that should be added 
above.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"04414f314a136cb492c8fa445df065f408bb06a9","unresolved":true,"context_lines":[{"line_number":138,"context_line":"  each need."},{"line_number":139,"context_line":"* Define profiles for functions that share a common context, i.e.: run a system"},{"line_number":140,"context_line":"  command, modify network settings..."},{"line_number":141,"context_line":"* Define by-case profiles for functions that were not covered by the general"},{"line_number":142,"context_line":"  ones."},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Dependencies"},{"line_number":145,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3be590f3_860b0d3b","line":142,"range":{"start_line":141,"start_character":2,"end_line":142,"end_character":7},"in_reply_to":"02c6c54c_9fa21922","updated":"2022-12-16 13:41:19.000000000","message":"Done.","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0c9e89dcd0e1b80fe67a445c6c713f5be944591c","unresolved":false,"context_lines":[{"line_number":138,"context_line":"  each need."},{"line_number":139,"context_line":"* Define profiles for functions that share a common context, i.e.: run a system"},{"line_number":140,"context_line":"  command, modify network settings..."},{"line_number":141,"context_line":"* Define by-case profiles for functions that were not covered by the general"},{"line_number":142,"context_line":"  
ones."},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Dependencies"},{"line_number":145,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"8671edeb_00f88910","line":142,"range":{"start_line":141,"start_character":2,"end_line":142,"end_character":7},"in_reply_to":"3be590f3_860b0d3b","updated":"2022-12-16 17:49:19.000000000","message":"Ack","commit_id":"13f464043f7bfc983d22a6459a528cf0ebc03b3c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"131d8ecc77c457892fa17fedb7a05b4e19aff0d3","unresolved":true,"context_lines":[{"line_number":88,"context_line":"    mode: str \u003d \u0027w\u0027"},{"line_number":89,"context_line":"  ) -\u003e ty.Optional[str]:"},{"line_number":90,"context_line":"      try:"},{"line_number":91,"context_line":"          with open(path, mode\u003d\u0027w\u0027) as fd:"},{"line_number":92,"context_line":"              fd.write(data)"},{"line_number":93,"context_line":"      except (OSError, ValueError) as e:"},{"line_number":94,"context_line":"          LOG.debug(e)"}],"source_content_type":"text/x-rst","patch_set":7,"id":"e2629ea7_bda0f6ca","line":91,"range":{"start_line":91,"start_character":31,"end_line":91,"end_character":34},"updated":"2022-12-16 17:56:12.000000000","message":"nit: mode","commit_id":"49e8cd425a1d5e5624cf08c8c0a0599477a14bf4"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"867f4445a020fd3da7f6829e48c5d4a90178983a","unresolved":false,"context_lines":[{"line_number":88,"context_line":"    mode: str \u003d \u0027w\u0027"},{"line_number":89,"context_line":"  ) -\u003e ty.Optional[str]:"},{"line_number":90,"context_line":"      try:"},{"line_number":91,"context_line":"          with open(path, mode\u003d\u0027w\u0027) as 
fd:"},{"line_number":92,"context_line":"              fd.write(data)"},{"line_number":93,"context_line":"      except (OSError, ValueError) as e:"},{"line_number":94,"context_line":"          LOG.debug(e)"}],"source_content_type":"text/x-rst","patch_set":7,"id":"a6ffc7f0_35cfbe13","line":91,"range":{"start_line":91,"start_character":31,"end_line":91,"end_character":34},"in_reply_to":"2309c1b4_447ef2c4","updated":"2022-12-19 12:07:49.000000000","message":"Ack","commit_id":"49e8cd425a1d5e5624cf08c8c0a0599477a14bf4"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"24a675485844e379122a3e542ac5208dd1d86651","unresolved":true,"context_lines":[{"line_number":88,"context_line":"    mode: str \u003d \u0027w\u0027"},{"line_number":89,"context_line":"  ) -\u003e ty.Optional[str]:"},{"line_number":90,"context_line":"      try:"},{"line_number":91,"context_line":"          with open(path, mode\u003d\u0027w\u0027) as fd:"},{"line_number":92,"context_line":"              fd.write(data)"},{"line_number":93,"context_line":"      except (OSError, ValueError) as e:"},{"line_number":94,"context_line":"          LOG.debug(e)"}],"source_content_type":"text/x-rst","patch_set":7,"id":"2309c1b4_447ef2c4","line":91,"range":{"start_line":91,"start_character":31,"end_line":91,"end_character":34},"in_reply_to":"e2629ea7_bda0f6ca","updated":"2022-12-19 11:26:00.000000000","message":"Done.","commit_id":"49e8cd425a1d5e5624cf08c8c0a0599477a14bf4"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"131d8ecc77c457892fa17fedb7a05b4e19aff0d3","unresolved":true,"context_lines":[{"line_number":209,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"Tempest tests could be defined targeting functionality that interacts with 
the"},{"line_number":212,"context_line":"host system, testing through that the functions affected by this spec."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"Documentation Impact"},{"line_number":215,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":7,"id":"c8e79408_2437f49f","line":212,"updated":"2022-12-16 17:56:12.000000000","message":"we don\u0027t actually need to define new tempest tests but we do need to ensure the existing tempest testing jobs continue to work without modification.\n\nthat will prove that the functionality remains the same with the reduced permission set.","commit_id":"49e8cd425a1d5e5624cf08c8c0a0599477a14bf4"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"867f4445a020fd3da7f6829e48c5d4a90178983a","unresolved":false,"context_lines":[{"line_number":209,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"Tempest tests could be defined targeting functionality that interacts with the"},{"line_number":212,"context_line":"host system, testing through that the functions affected by this spec."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"Documentation Impact"},{"line_number":215,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":7,"id":"b389a496_21e1bdfb","line":212,"in_reply_to":"8e9366f7_d0da7575","updated":"2022-12-19 12:07:49.000000000","message":"Ack","commit_id":"49e8cd425a1d5e5624cf08c8c0a0599477a14bf4"},{"author":{"_account_id":34443,"name":"Jorge San 
Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"24a675485844e379122a3e542ac5208dd1d86651","unresolved":true,"context_lines":[{"line_number":209,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"Tempest tests could be defined targeting functionality that interacts with the"},{"line_number":212,"context_line":"host system, testing through that the functions affected by this spec."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"Documentation Impact"},{"line_number":215,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":7,"id":"8e9366f7_d0da7575","line":212,"in_reply_to":"c8e79408_2437f49f","updated":"2022-12-19 11:26:00.000000000","message":"Done.","commit_id":"49e8cd425a1d5e5624cf08c8c0a0599477a14bf4"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"d44bd2de68530b24228394b765721c20b9fa23e9","unresolved":true,"context_lines":[{"line_number":112,"context_line":"functions with a narrow contract will be defined using one of the new privsep"},{"line_number":113,"context_line":"contexts. 
These functions will be created following these conditions:"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"* Will contain the ``privileged_`` prefix on their name."},{"line_number":116,"context_line":"* Will be defined at the same package that uses them."},{"line_number":117,"context_line":"* Will only be imported by a single module, excepting unit tests."},{"line_number":118,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"62922dc3_18a43d88","line":115,"updated":"2023-01-11 10:58:56.000000000","message":"In the example there is a privileged suffix instead","commit_id":"ee8c837d28f709d91fe6ac42485ffdba44a9359f"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"72f750e8e193fe0f17d91afaab210d02e4e6e4a3","unresolved":false,"context_lines":[{"line_number":112,"context_line":"functions with a narrow contract will be defined using one of the new privsep"},{"line_number":113,"context_line":"contexts. 
These functions will be created following these conditions:"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"* Will contain the ``privileged_`` prefix on their name."},{"line_number":116,"context_line":"* Will be defined at the same package that uses them."},{"line_number":117,"context_line":"* Will only be imported by a single module, excepting unit tests."},{"line_number":118,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"e19d2403_645bb609","line":115,"in_reply_to":"0e5b3aa6_9a8534d4","updated":"2023-01-12 09:10:11.000000000","message":"Done","commit_id":"ee8c837d28f709d91fe6ac42485ffdba44a9359f"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"2ad23211573e03dd878b5127c9d6d1cbcb55ba29","unresolved":true,"context_lines":[{"line_number":112,"context_line":"functions with a narrow contract will be defined using one of the new privsep"},{"line_number":113,"context_line":"contexts. These functions will be created following these conditions:"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"* Will contain the ``privileged_`` prefix on their name."},{"line_number":116,"context_line":"* Will be defined at the same package that uses them."},{"line_number":117,"context_line":"* Will only be imported by a single module, excepting unit tests."},{"line_number":118,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"0e5b3aa6_9a8534d4","line":115,"in_reply_to":"62922dc3_18a43d88","updated":"2023-01-11 15:05:16.000000000","message":"That is true. 
Fixed.","commit_id":"ee8c837d28f709d91fe6ac42485ffdba44a9359f"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"d44bd2de68530b24228394b765721c20b9fa23e9","unresolved":true,"context_lines":[{"line_number":114,"context_line":""},{"line_number":115,"context_line":"* Will contain the ``privileged_`` prefix on their name."},{"line_number":116,"context_line":"* Will be defined at the same package that uses them."},{"line_number":117,"context_line":"* Will only be imported by a single module, excepting unit tests."},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"Here is an example of how this implementation would be like::"},{"line_number":120,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"1b7ff393_d205dc8a","line":117,"updated":"2023-01-11 10:58:56.000000000","message":"What is the reason we want this limitation? How will we enforce this?","commit_id":"ee8c837d28f709d91fe6ac42485ffdba44a9359f"},{"author":{"_account_id":34443,"name":"Jorge San Emeterio","display_name":"jsanemet","email":"jsanemet@redhat.com","username":"jsanemet"},"change_message_id":"2ad23211573e03dd878b5127c9d6d1cbcb55ba29","unresolved":true,"context_lines":[{"line_number":114,"context_line":""},{"line_number":115,"context_line":"* Will contain the ``privileged_`` prefix on their name."},{"line_number":116,"context_line":"* Will be defined at the same package that uses them."},{"line_number":117,"context_line":"* Will only be imported by a single module, excepting unit tests."},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"Here is an example of how this implementation would be like::"},{"line_number":120,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"e8940b6d_fe8cca2e","line":117,"in_reply_to":"1b7ff393_d205dc8a","updated":"2023-01-11 15:05:16.000000000","message":"I believe the idea is to restrict the 
scope on privileged functions as much as possible. We have already talked about extracting common functionality into general-use functions and have privileged ones be dedicated to very specific cases. This point tries to reduce their usage to a minimum. However, I do not know how feasible this will be in practice, meaning it will probably be a best practice to follow as much as we can.","commit_id":"ee8c837d28f709d91fe6ac42485ffdba44a9359f"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"72f750e8e193fe0f17d91afaab210d02e4e6e4a3","unresolved":false,"context_lines":[{"line_number":114,"context_line":""},{"line_number":115,"context_line":"* Will contain the ``privileged_`` prefix on their name."},{"line_number":116,"context_line":"* Will be defined at the same package that uses them."},{"line_number":117,"context_line":"* Will only be imported by a single module, excepting unit tests."},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"Here is an example of how this implementation would be like::"},{"line_number":120,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"2fc569eb_9974758a","line":117,"in_reply_to":"48d2dd5a_a3236f0d","updated":"2023-01-12 09:10:11.000000000","message":"Thanks for the explanation. I\u0027m wondering whether it might be worth enforcing this via hacking somehow. We can probably detect the privsep decorated functions from hacking and then we would need to ensure that the decorated function is not mentioned outside of its module or in the unit test tree. However that second part needs a second pass on the codebase by hacking so it might not be easy to implement. Alternatively we can think about a dynamic check instead of a static hacking check. 
In our unit / functional test env we could wrap the privsep decorator to inject a selective poison before the decorated function that could raise if the original function is called outside of the module it is defined in or from the unit test tree. This is not trivial but probably doable with some decorator and inspect magic. Anyhow this is not affecting the spec itself, just wanted to plant the seeds of automating this into your heads :)","commit_id":"ee8c837d28f709d91fe6ac42485ffdba44a9359f"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2ba98ec0e8de154e85c487dcf433f40228aead42","unresolved":true,"context_lines":[{"line_number":114,"context_line":""},{"line_number":115,"context_line":"* Will contain the ``privileged_`` prefix on their name."},{"line_number":116,"context_line":"* Will be defined at the same package that uses them."},{"line_number":117,"context_line":"* Will only be imported by a single module, excepting unit tests."},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"Here is an example of how this implementation would be like::"},{"line_number":120,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"48d2dd5a_a3236f0d","line":117,"in_reply_to":"e8940b6d_fe8cca2e","updated":"2023-01-11 17:16:48.000000000","message":"the function that is decorated by the privsep context should have a narrow contract so in general should not be reusable \n\nit might be reusable in a different module in some case which is ok but in general this is to encourage us not to extend the function signature to take more arguments to make it reusable.\n\nthe reusable code should live in the functions that do not have a privsep decorator","commit_id":"ee8c837d28f709d91fe6ac42485ffdba44a9359f"}]}
