[openstack-dev] [olso] [cinder] upgrade issues in lock_path in cinder after oslo utils sync (was: creating a default for oslo config variables within a project?)
Sean Dague
sean at dague.net
Fri Dec 6 17:47:03 UTC 2013
So it still seems that we are at an impasse here on getting new olso
lockutils into cinder because it doesn't come with a working default.
As a recap - https://review.openstack.org/#/c/48935/ (that sync)
is blocked by failing upgrade testing, because lock_path has no default,
so it has to land config changes simultaneously on the commit otherwise
explode cinder on startup (as not setting that variable explodes as a
fatal error). I consider that an upgrade blocker, and am not comfortable
with the work around - https://review.openstack.org/#/c/52070/3
I've proposed an oslo patch that would give us a default plus an ERROR
log message if you used it - https://review.openstack.org/#/c/60274/
The primary concern here is that it opens up a local DOS attack because
it's a well known directory. This is a valid concern. My feeling is you
are lost anyway if you have malicious users on your system, and if we've
narrowed them down to only DOSing (which there other ways they could do
that), I think we've narrowed the surface enough to make this acceptable
at the ERROR log level. However there are objections, so at this point
it seems like we needed to summarize the state of the world, get this
back onto the list with a more descriptive subject, and see who else
wants to weigh in.
-Sean
--
Sean Dague
http://dague.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131206/c94a4a66/attachment.pgp>
More information about the OpenStack-dev
mailing list