On Wed, Feb 18, 2015 at 07:23:52PM +0100, Raphael Glon wrote:
> Hi,
> This is about review:
> https://review.openstack.org/#/c/156633/
> 1 line, can be controversial
> Its purpose is to add the possibility not to use libguestfs for data
> injection in nova, even when installed.
> Not discussing about the fact that libguestfs should be preferred over fuse
> mounts for data injection as much as possible because mounts are more
> subject to causing security issues (and already have in the past nova
> releases).
> However, there are a lot of potential cases when libguestfs won't be usable
> for data injection.
> This was the case here (fixed):
> https://bugzilla.redhat.com/show_bug.cgi?id=984409
> I encountered a similar case more recently on powerkvm 2.1.0 (defect with
> the libguestfs)
> So just saying it could be good adding a simple config flag (set to True by
> default, to keep the current behaviour untouched) to force nova not using
> libguestfs without having to uninstall it and thus prevent other users on
> the host from using it.

The bug you quote above was easily fixed. If you have problems with
powerkvm then file a bug about them so they can be investigated &
fixed too. Just disabling its use is simply not at all helpful as the
alternative impl is horribly insecure against malicious disk images
which can cause a host kernel crash.

|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

OpenStack Development Mailing List (not for usage questions)