[Openstack-security] FW: [openstack/nova] SecurityImpact review request change I871af4018f99ddfcc8408708bdaaf480088ac477

Clark, Robert Graham robert.clark at hp.com
Wed Jan 22 15:37:36 UTC 2014



> -----Original Message-----
> From: gerrit2 at review.openstack.org
> [mailto:gerrit2 at review.openstack.org]
> Sent: 22 January 2014 15:18
> To: openstack-security at lists.openstack.org
> Subject: [Openstack-security] [openstack/nova] SecurityImpact review
> request change I871af4018f99ddfcc8408708bdaaf480088ac477
> 
> 
> Hi, I'd like you to take a look at this patch for potential SecurityImpact.
> https://review.openstack.org/40467
> 
> Log:
> commit 7e28069eed82da10754a7f1e1fedf9c9d0eb88df
> Author: Dan Genin <daniel.genin at jhuapl.edu>
> Date:   Thu Jan 2 09:45:11 2014 -0500
> 
>     Adds ephemeral storage encryption for LVM back-end images
> 
>     This patch adds ephemeral storage encryption for LVM back-end instances.
>     Encryption is implemented by passing all data written to and read from
>     the logical volumes through a dm-crypt layer. Most instance operations
>     such as pause/continue, suspend/resume, reboot, etc. are supported.
>     Snapshots are also supported but are not encrypted at present. VM rescue
>     and migration are not supported at present.
> 
>     The proposed code provides data-at-rest security for all ephemeral
>     storage disks, preventing access to data while an instance is
>     shut down, or in case the compute host is shut down while an instance is
>     running.
> 
>     Options controlling the encryption state, cipher and key size are
>     specified in the "ephemeral_storage_encryption" options group. The boolean
>     "enabled" option turns encryption on and off and the "cipher" and "key_size"
>     options specify the cipher and key size, respectively.
> 
>     Note: depends on cryptsetup being installed.
> 
>     Implements: blueprint encrypt-ephemeral-storage
>     Change-Id: I871af4018f99ddfcc8408708bdaaf480088ac477
>     DocImpact
>     SecurityImpact
> 
> 
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security

Please take a good look at this, guys.
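
A reviewer or operator can sanity-check the three options named in the commit message before relying on them. The following is an added example, not code from the patch or from nova; the `audit` helper, the 256-bit policy minimum and the sample cipher and key_size values are assumptions.

```python
import configparser
import shutil

GROUP = "ephemeral_storage_encryption"  # options group named in the commit message

# Constructed sample nova.conf fragment; the cipher and key_size values are
# illustrative, not taken from the patch.
SAMPLE = """\
[DEFAULT]
debug = False

[ephemeral_storage_encryption]
enabled = True
cipher = aes-xts-plain64
key_size = 256
"""

def audit(conf_text, which=shutil.which, min_bits=256):
    """Return a list of findings for the enabled/cipher/key_size options."""
    # default_section is renamed so [DEFAULT] values are not inherited by other groups.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(conf_text)
    if not cp.has_section(GROUP) or not cp.getboolean(GROUP, "enabled", fallback=False):
        return ["encryption disabled: ephemeral LVM volumes are written in the clear"]
    findings = []
    if which("cryptsetup") is None:
        findings.append("cryptsetup not found on PATH (the patch depends on it)")
    cipher = cp.get(GROUP, "cipher", fallback="").strip().lower()
    key_size = cp.getint(GROUP, "key_size", fallback=0)
    # dm-crypt cipher specs read <cipher>-<chainmode>-<ivmode>, e.g. aes-xts-plain64.
    parts = cipher.split("-")
    mode = parts[1] if len(parts) > 1 else ""
    if not cipher:
        findings.append("cipher not set explicitly; check the deployed default")
    elif mode == "ecb":
        findings.append(f"{cipher}: ECB leaks repeated plaintext blocks")
    # XTS splits the supplied key into two halves, so key_size=256 is AES-128.
    effective = key_size // 2 if mode == "xts" else key_size
    if key_size and effective < min_bits:
        findings.append(f"key_size={key_size} yields a {effective}-bit cipher key, "
                        f"below the {min_bits}-bit policy")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The `min_bits` threshold is a local policy choice (assumed here), so pass a lower value if AES-128 is acceptable in the deployment.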