[Openstack] Volume from image question

Avishay Traeger avishay at stratoscale.com
Tue Oct 13 04:46:48 UTC 2015


>
> Hey Cory,
>
> If I remember correctly, it was due to concerns around security issues.
> It's using the intermediate/tmp file to perform image checks prior to
> blindly laying down on the volume.  The maybe good news is that at least it
> doesn't need to do a conversion of the file.
>
> Thanks,
> John
>

You are correct in that we need to do some checks on the image before
returning to the user.  We check that the image is actually raw.  If it was
actually qcow2 for example, that could lead to security issues.  However, I
don't think we need to store an intermediate file.  If Glance claims that
the image is in raw format, we could write directly to the volume, and then
perform the check.  If the check fails, delete the volume, no harm done.  I
think the reason this wasn't implemented yet is because it's another flow
in code that already has lots of branches, and the value was questionable.
If there is interest in it, I think it can be revisited.  What do you think
John?


-- 
*Avishay Traeger, PhD*
*System Architect*

Mobile: +972 54 447 1475
E-mail: avishay at stratoscale.com



Web <http://www.stratoscale.com/> | Blog <http://www.stratoscale.com/blog/>
 | Twitter <https://twitter.com/Stratoscale> | Google+
<https://plus.google.com/u/1/b/108421603458396133912/108421603458396133912/posts>
 | Linkedin <https://www.linkedin.com/company/stratoscale>
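
The write-then-check flow proposed in the message above, as an added example (not Cinder's code and not part of the original post). The names `sniff_format` and `write_then_verify` are hypothetical, a regular file stands in for the volume, and offset-0 magic-byte sniffing stands in for a full image inspection.

```python
import os
from typing import BinaryIO, Optional

# Signatures found at offset 0 of common non-raw disk image formats.
# Assumption: header sniffing only; a format whose signature lives
# elsewhere in the file would not be caught by this simplified check.
MAGICS = {
    b"QFI\xfb": "qcow/qcow2",
    b"KDMV": "vmdk",
    b"vhdxfile": "vhdx",
}

class ImageFormatMismatch(Exception):
    """The image was declared raw but carries another format's header."""

def sniff_format(header: bytes) -> Optional[str]:
    """Return the detected container format, or None if it looks raw."""
    for magic, name in MAGICS.items():
        if header.startswith(magic):
            return name
    return None

def write_then_verify(image: BinaryIO, volume_path: str,
                      chunk: int = 1 << 20) -> int:
    """Stream a claimed-raw image straight to the volume, then check
    what actually landed there. No intermediate file is used.

    If the check fails, the volume is deleted before it is returned
    to the user, so a mislabelled image never becomes attachable.
    """
    written = 0
    with open(volume_path, "wb") as vol:
        while True:
            data = image.read(chunk)
            if not data:
                break
            vol.write(data)
            written += len(data)
    # Verify the bytes on the volume, not the bytes we were promised.
    with open(volume_path, "rb") as vol:
        detected = sniff_format(vol.read(16))
    if detected is not None:
        os.remove(volume_path)  # stand-in for deleting the volume
        raise ImageFormatMismatch(f"declared raw, found {detected}")
    return written
```

The check runs against the data read back from the volume, so the result does not depend on the format the image service reported.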