[Kimchi-devel] [PATCH v2 0/4] Github #329: "YOU SHALL NOT ... run as root!"

Daniel Barboza danielhb at linux.vnet.ibm.com
Tue Apr 8 20:50:26 UTC 2014


From: Daniel Henrique Barboza <danielhb at linux.vnet.ibm.com>

Changes:
*v2:
- addressed Ramon's comment about the python path in kimchid.in

This patch series revamps the launch architecture to allow kimchi 
to not run as root while being exposed at an open http/https port.

The solution adopted is using a reverse http proxy (nginx) to make
the 'bridge' between two distinct cherrypy processes, one running
as frontend as a regular user and another running as backend, as root.
The communication with the outside will be done through nginx, running
as a regular user too.

The changes were heavy in the kimchid script, but the startup and
usage options are still the same. User-wise, there shouldn't be any
functional change in the way kimchi works after applying this change.

Refer to https://github.com/kimchi-project/kimchi/issues/329 for
further information on all the other approaches considered and why
they didn't work out.

Daniel Henrique Barboza (4):
  Github #329: kimchid script changes
  Github #329: new launch script and proxy template
  Github #329: server, root and utils changes
  Github #329: config.py.in, spec, readme and makefile changes

 .gitignore                    |   2 +
 contrib/kimchi.spec.fedora.in |   5 +-
 contrib/kimchi.spec.suse.in   |   3 +
 docs/README.md                |   4 +-
 src/Makefile.am               |   9 +-
 src/kimchi/config.py.in       |   9 +-
 src/kimchi/root.py            |   6 +-
 src/kimchi/server.py          | 100 ++++++++++++---------
 src/kimchi/utils.py           |  42 ++++++++-
 src/kimchid.in                | 202 ++++++++++++++++++++++++++++++++++++------
 src/kimchid_server.in         |  45 ++++++++++
 src/nginx.conf.in             |  69 +++++++++++++++
 12 files changed, 418 insertions(+), 78 deletions(-)
 create mode 100644 src/kimchid_server.in
 create mode 100644 src/nginx.conf.in

-- 
1.8.3.1



