On Mon, Feb 23, 2015 at 11:52:29AM +0100, Raphael Glon wrote:
> On 02/23/2015 11:23 AM, Daniel P. Berrange wrote:
> > The alternative Nova implementation is *not* using fuse, it is using real
> > mounts on the host FS. This is not a potential issue, it is an *actual*
> > issue. There have been bugs in Linux filesystem drivers, including ext4,
> > that would have allowed a malicious kernel image to crash and/or exploit
> > the host kernel if mounted.
> >
> > http://libguestfs.org/guestfs.3.html#security-of-mounting-filesystems
>
> Ok noted -> so why is losetup or qemu-nbd still proposed by nova and still
> the default method?

Libguestfs method takes priority if it is installed on the host, but the
legacy code still exists for benefit of existing deployed setups and drivers
which don't have qemu/kvm available, e.g. LXC containers.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org       -o-    http://virt-manager.org :|
|: http://autobuild.org     -o-    http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o-   http://live.gnome.org/gtk-vnc :|

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev