The oslo_privsep.daemon Module

Privilege separation (“privsep”) daemon.

To ease transition, this supports two alternative methods of starting the daemon, both resulting in a helper process running with elevated privileges and open socket(s) to the original process:

  1. Start via fork()

    Assumes the process currently has all required privileges and is about to drop them (perhaps by setuid to an unprivileged user). If the initial environment is secure and PrivContext.start(Method.FORK) is called early in main(), then this is the most secure and simplest method. In particular, if the initial process is already running as non-root (but with sufficient capabilities, e.g. via suitable systemd service files), then no part needs to involve uid=0 or sudo.

  2. Start via sudo/rootwrap

    This starts the privsep helper on first use via sudo and rootwrap, and communicates via a temporary Unix socket passed on the command line. The communication channel is briefly exposed in the filesystem, but is protected with file permissions and connecting to it only grants access to the unprivileged process. Requires a suitable entry in sudoers or rootwrap.conf filters.

The privsep daemon exits when the communication channel is closed (which usually occurs when the unprivileged process exits).
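The fork-based start and the exit-on-close behaviour described above, modelled with only the Python standard library. This is an added example, not oslo.privsep's own code. The length-prefixed JSON framing, the `ALLOWED` table and all function names are assumptions made for illustration; only the `Message` values come from this page.

```python
import enum, json, os, socket, struct

Message = enum.IntEnum("Message", "PING PONG CALL RET ERR")  # 1..5, as on this page

ALLOWED = {"add": lambda a, b: a + b}  # assumption: hypothetical allow-list

def send(sock, msg):
    data = json.dumps(msg).encode()  # assumed framing: 4-byte length + JSON
    sock.sendall(struct.pack("!I", len(data)) + data)

def recv(sock):
    head = sock.recv(4, socket.MSG_WAITALL)
    if len(head) < 4:
        return None  # channel closed by the peer
    return json.loads(sock.recv(struct.unpack("!I", head)[0], socket.MSG_WAITALL))

def handle(msg):
    kind, payload = msg
    if kind == Message.PING:
        return [Message.PONG, payload]
    name, args = payload
    if kind == Message.CALL and name in ALLOWED:
        return [Message.RET, ALLOWED[name](*args)]
    raise ValueError("rejected")

def helper_loop(sock):
    while (msg := recv(sock)) is not None:  # exit when the channel closes
        try:
            reply = handle(msg)
        except Exception as exc:  # never let a bad request kill the helper
            reply = [Message.ERR, type(exc).__name__]
        send(sock, reply)

def start_fork():
    parent_end, helper_end = socket.socketpair()  # never visible in the filesystem
    pid = os.fork()
    if pid == 0:  # helper: keeps the privileges the process started with
        parent_end.close()
        try:
            helper_loop(helper_end)
        finally:
            os._exit(0)
    helper_end.close()
    # The caller would now drop privileges (e.g. setuid to an unprivileged user).
    return pid, parent_end

def request(sock, kind, payload):
    send(sock, [kind, payload])
    return recv(sock)
```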

class oslo_privsep.daemon.Daemon(channel, context)

Bases: object

NB: This doesn’t fork() - do that yourself before calling run()

loop()

Main body of daemon request loop

run()

Run request loop. Sets up environment, then calls loop()

exception oslo_privsep.daemon.FailedToDropPrivileges

Bases: Exception

class oslo_privsep.daemon.ForkingClientChannel(context)

Bases: oslo_privsep.daemon._ClientChannel

class oslo_privsep.daemon.Message

Bases: enum.IntEnum

Types of messages sent across the communication channel

CALL = 3
ERR = 5
LOG = 6
PING = 1
PONG = 2
RET = 4

class oslo_privsep.daemon.PrivsepLogHandler(channel, processName=None)

Bases: logging.Handler

emit(record)

Do whatever it takes to actually log the specified logging record.

This version is intended to be implemented by subclasses and so raises a NotImplementedError.

exception oslo_privsep.daemon.ProtocolError

Bases: Exception

class oslo_privsep.daemon.RootwrapClientChannel(context)

Bases: oslo_privsep.daemon._ClientChannel

class oslo_privsep.daemon.StdioFd

Bases: enum.IntEnum

An enumeration.

STDERR = 2
STDIN = 0
STDOUT = 1

oslo_privsep.daemon.fdopen(fd, *args, **kwargs)

oslo_privsep.daemon.helper_main()

Start privileged process, serving requests over a Unix socket.

oslo_privsep.daemon.replace_logging(handler, log_root=None)

oslo_privsep.daemon.set_cloexec(fd)

oslo_privsep.daemon.setgid(group_id_or_name)

oslo_privsep.daemon.setuid(user_id_or_name)

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.