-----BEGIN PGP SIGNED MESSAGE-----
To ensure that all calls are easy-to-audit. The elevate() and drop()
calls should be properly bracketed with a try/finally so that exceptions
do not interfere with dropping privs.
So essentially we won't call "do" directly from a command anymore,
we'll call do_<how> and that's where we'll elevate (or not)? Yeah, I
can go with that. And yes, a try/finally was on the agenda...
Along these lines, I also thought that the mount()/umount() code would
be best if it were pushed into the do() function.
I haven't looked at that, so have no opinion. I'll look at it while
I'm working on the above.
As for the new mock, I would say patch format to the list is best
I'm on the fence as to whether this is a small to change to mock.py.
Tell you what, I'll add the do_elevated and do_asuser wrappers, put
that in place and send a diff. If it's too messy I can always send the
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----