We consider mounting untrusted filesystems on the host kernel to be
an unacceptable security risk. A user can craft a malicious filesystem
that exploits bugs in the kernel filesystem drivers. This is particularly
bad if you allow the kernel to probe for filesystem type since Linux
has
On Monday 07 July 2014 16:11:21 Joe Gordon wrote:
On Jul 3, 2014 11:43 AM, Dmitry Guryanov dgurya...@parallels.com wrote:
Hi, All!
As far as I know, there are some requirements, which virt driver must
meet to
use Openstack 'label'. For example, it's not allowed to mount cinder
On Thu, Jul 10, 2014 at 05:36:59PM +0400, Dmitry Guryanov wrote:
I have a question about mounts - in OpenVZ project each container has its own
filesystem in an image file. So to start a container we mount this filesystem
in host OS (because all containers share the same linux kernel). Is it a
On Thu, Jul 10, 2014 at 05:57:46PM +0400, Dmitry Guryanov wrote:
On Tuesday 08 July 2014 14:10:25 Michael Still wrote:
Joe has a good answer, but you should also be aware of the hypervisor
support matrix (https://wiki.openstack.org/wiki/HypervisorSupportMatrix),
which hopefully comes some
On Thursday 10 July 2014 14:47:11 Daniel P. Berrange wrote:
On Thu, Jul 10, 2014 at 05:36:59PM +0400, Dmitry Guryanov wrote:
I have a question about mounts - in OpenVZ project each container has its
own filesystem in an image file. So to start a container we mount this
filesystem in host OS
On Thu, Jul 10, 2014 at 06:18:52PM +0400, Dmitry Guryanov wrote:
On Thursday 10 July 2014 14:47:11 Daniel P. Berrange wrote:
On Thu, Jul 10, 2014 at 05:36:59PM +0400, Dmitry Guryanov wrote:
I have a question about mounts - in OpenVZ project each container has its
own filesystem in an
On Thu, 2014-07-10 at 14:47 +0100, Daniel P. Berrange wrote:
On Thu, Jul 10, 2014 at 05:36:59PM +0400, Dmitry Guryanov wrote:
I have a question about mounts - in OpenVZ project each container has its
own
filesystem in an image file. So to start a container we mount this
filesystem
On Thu, Jul 10, 2014 at 08:19:36AM -0700, James Bottomley wrote:
On Thu, 2014-07-10 at 14:47 +0100, Daniel P. Berrange wrote:
On Thu, Jul 10, 2014 at 05:36:59PM +0400, Dmitry Guryanov wrote:
I have a question about mounts - in OpenVZ project each container has its
own
filesystem in
On Jul 3, 2014 11:43 AM, Dmitry Guryanov dgurya...@parallels.com wrote:
Hi, All!
As far as I know, there are some requirements, which virt driver must
meet to
use Openstack 'label'. For example, it's not allowed to mount cinder
volumes
inside host OS.
I am a little unclear on what your
Joe has a good answer, but you should also be aware of the hypervisor
support matrix (https://wiki.openstack.org/wiki/HypervisorSupportMatrix),
which hopefully comes some way to explaining what we expect of a nova
driver.
Cheers,
Michael
On Tue, Jul 8, 2014 at 9:11 AM, Joe Gordon
Hi, All!
As far as I know, there are some requirements, which virt driver must meet to
use Openstack 'label'. For example, it's not allowed to mount cinder volumes
inside host OS.
Are there any documents, describing all such things? How can I determine, if
my virtualization driver for nova