[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16422141#comment-16422141
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10230:
---------------------------------------------

rafaelweingartner commented on a change in pull request #2404: 
[CLOUDSTACK-10230] User should not be able to use removed “Guest OS type”
URL: https://github.com/apache/cloudstack/pull/2404#discussion_r178526830
 
 

 ##########
 File path: server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
 ##########
 @@ -6458,4 +6423,4 @@ private boolean checkStatusOfVolumeSnapshots(long vmId, 
Volume.Type type) {
         }
         return false;
     }
-}
+}
 
 Review comment:
   Yeas, it is.
   
   That is why I am not doing like this anymore. I am always splitting up the 
PR into multiple commits. It was one of your suggestions some time ago, which I 
liked. However, I created this PR before that.
   
   The changes are basically at lines 2380-2424.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> User is able to change to “Guest OS type” that has been removed 
> ----------------------------------------------------------------
>
>                 Key: CLOUDSTACK-10230
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10230
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Rafael Weingärtner
>            Assignee: Rafael Weingärtner
>            Priority: Critical
>
> Users are able to change the OS type of VMs to “Guest OS type” that has been 
> removed. This becomes a security issue when we try to force users to use HVM 
> VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable 
> by any users in the cloud.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to