{"library":"oslo-privsep","title":"oslo.privsep","description":"OpenStack library for privilege separation. Provides a framework for running sensitive operations in a separate privileged process. Current version is 3.10.1, released as part of OpenStack Dalmatian. Released on a 6-month cadence aligned with OpenStack releases.","language":"python","status":"active","last_verified":"Mon Apr 27","install":{"commands":["pip install oslo-privsep"],"cli":null},"imports":["from oslo_privsep import priv_context","from oslo_privsep import daemon"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import os\nfrom oslo_privsep import priv_context\nfrom oslo_privsep import capabilities\n\n# Define a privileged context\npriv_context.init(\n    priv_context.DaemonPrincipal(\n        user='root',\n        group='root',\n    ),\n    resource_limits=[\n        priv_context.ResourceLimit(\n            resource=capabilities.RLIMIT_AS,\n            soft=1024 * 1024 * 500,  # 500 MB\n            hard=1024 * 1024 * 500,\n        ),\n    ],\n)\n\n# Expose a function to run as privileged\n@priv_context.entrypoint\ndef run_as_root():\n    # This runs with escalated privileges\n    import subprocess\n    return subprocess.check_output(['whoami']).strip()\n\nif __name__ == '__main__':\n    print(run_as_root())","lang":"python","description":"Initialize a daemon principal with root privileges and call a function that runs as root.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}