Merge lp:~pwlars/charms/trusty/adt-cloud-worker/acw-charm-exec-user into lp:~canonical-ci-engineering/charms/trusty/adt-cloud-worker/trunk
Proposed by Paul Larson

| Status: | Merged |
|---|---|
| Approved by: | Paul Larson |
| Approved revision: | 14 |
| Merged at revision: | 13 |
| Proposed branch: | lp:~pwlars/charms/trusty/adt-cloud-worker/acw-charm-exec-user |
| Merge into: | lp:~canonical-ci-engineering/charms/trusty/adt-cloud-worker/trunk |
| Diff against target: | 49 lines (+8/-2), 3 files modified: hooks/actions.py (+5/-0), hooks/services.py (+1/-0), templates/upstart.conf (+2/-2) |
| To merge this branch: | bzr merge lp:~pwlars/charms/trusty/adt-cloud-worker/acw-charm-exec-user |
| Related bugs: | |

| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Celso Providelo (community) | | | Approve |
| Paul Larson | | | Needs Resubmitting |

Review via email: mp+252768@code.launchpad.net

Commit message
Run the worker as a normal user, rather than the user that was used to install the code.
Description of the change
Use a different user to run the worker than the user that was used to install the code, so that there's no risk anything in the worker can be used to modify itself.
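
The effect described above can be checked with a small audit, added here as an illustration and not part of the charm or this merge proposal: it lists every path in an install tree that a given uid could modify, first for the installing user and then for a separate worker uid. The tree layout, file names and the `installer + 1` worker uid are constructed for the example.

```python
import os
import stat
import tempfile


def can_modify(st, uid, gids=frozenset()):
    """Mode-bit check for one inode (ignores ACLs and capabilities)."""
    if uid == 0 or st.st_uid == uid:
        return True  # root bypasses mode bits; an owner can always chmod
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_tree(root, uid, gids=frozenset()):
    """Return sorted paths under root (root included) that uid could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinks
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are meaningless
            if can_modify(st, uid, gids):
                findings.append(path)
    return sorted(findings)


def build_sample_tree():
    """Constructed install tree owned by the current (installing) user."""
    root = tempfile.mkdtemp(prefix="acw-demo-")
    os.mkdir(os.path.join(root, "conf"))
    layout = {"worker.py": 0o644, "conf/worker.conf": 0o666}  # 0o666: mistake
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "conf"), 0o755)
    os.chmod(root, 0o755)
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    installer = os.getuid()
    worker = installer + 1  # hypothetical separate run-as uid, no shared groups
    print("worker runs as installer:", audit_tree(tree, installer))
    print("worker runs as own user: ", audit_tree(tree, worker))
```

Run as the installing user, every path is reported because ownership alone allows a `chmod`; run as the separate uid, only the world-writable file remains, which is the residue an audit like this is meant to surface.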
Paul,
Well done and great timing!
It will only work after https://code.launchpad.net/~cprov/charms/trusty/adt-cloud-worker/uci-nova/+merge/252769 lands, moving the security setup (specifically the ssh-keygen) to adt-run, which will run as the worker user, instead of "root".