[openstack-dev] [nova] Libguestfs: possibility not to use it, even when installed ?

Daniel P. Berrange berrange at redhat.com
Mon Feb 23 10:23:54 UTC 2015


On Mon, Feb 23, 2015 at 11:08:31AM +0100, Raphael Glon wrote:
> On 02/19/2015 12:45 PM, Richard W.M. Jones wrote:
> >On Wed, Feb 18, 2015 at 07:23:52PM +0100, Raphael Glon wrote:
> >>I encountered a similar case more recently on powerkvm 2.1.0
> >>(defect with the libguestfs)
> >What's the actual bug?  We've worked hard, with IBM, to make
> >libguestfs work on POWER 7 and POWER 8 systems.  I have full access to
> >those systems through Red Hat.  If there's a new bug I'm sure we'll be
> >able to fix it.
> >
> >Rich.
> >
> Hi, thank you for all your answers.
> 
> Not saying there are "actual" bugs (anyway I'm stuck here because I would
> need to find time+environment to recheck all/reproduce) -> I haven't even
> deployed juno on pkvm yet
> 
> We've talked with ibm (and they have likely been working with you) and they
> are really responsive in fixing defects with their distribution
> 
> We've encountered two problems with powerkvm regarding nova + libguestfs.
> 
> 1. since pkvm 2.1.x is forked from a Fedo 19, we fell back to this Red Hat
> bug you fixed regarding the attach method
> 
> Note that one of the workaround proposed was
> 
> sudo sysctl -w fs.protected_hardlinks=0 + common user nova/qemu
> 
> 
> -> Not a specialist here, but seems like to be able to use libguestfs to
> avoid "potential" issues with fuse mounts, we open other "potential" holes
> somewhere else

The alternative Nova implementation is *not* using fuse, it is using real
mounts on the host FS. This is not a potential issue, it is an *actual*
issue. There have been bugs in Linux filesystem drivers, including ext4,
that would have allowed a malicious kernel image to crash and/or exploit
the host kernel if mounted.

  http://libguestfs.org/guestfs.3.html#security-of-mounting-filesystems

The libguestfs architecture is explicitly designed such that any security
critical tasks take place inside an unprivileged KVM guest. So unless Nova
is using libguestfs in a broken way, the security of libguestfs is effectively
equivalent to the security of KVM in general. This is a faaar better security
architecture design.


> 2. because pkvm 2.1.x is forked from fedo 19 it embeds rather old versions
> of libguestfs and libvirt.

Fedora 19 is end of life so not really relevant any more as a target.
If there are bugs you find in current versions of Fedora please file
bugs so they can be addressed.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
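
The workaround quoted in the message above turns off `fs.protected_hardlinks`. As an added example (not part of the original thread), these shell functions read sysctl.conf-style text in the order it is applied and report whether the last assignment leaves that protection disabled; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# effective_sysctl KEY: read sysctl.conf-style text on stdin (files
# concatenated in the order they are applied) and print the last value
# assigned to KEY. Later assignments override earlier ones.
effective_sysctl() {
    awk -v want="$1" '
        /^[ \t]*[#;]/ { next }          # comment lines
        /^[ \t]*$/    { next }          # blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            sub(/^-/, "", key)          # "-key" form: write errors ignored
            gsub(/\//, ".", key)        # fs/protected_hardlinks form
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) last = val
        }
        END { if (last != "") print last }
    '
}

# hardlink_protection_disabled: succeeds (exit 0) when the configuration on
# stdin ends up setting fs.protected_hardlinks to 0.
hardlink_protection_disabled() {
    [ "$(effective_sysctl fs.protected_hardlinks)" = "0" ]
}

# Constructed sample: a base file that enables the protection, followed by a
# later drop-in that applies the workaround quoted in the thread.
SAMPLE='# 10-base.conf (constructed)
fs.protected_hardlinks = 1
# 99-local.conf (constructed)
fs/protected_hardlinks=0
'

if printf '%s' "$SAMPLE" | hardlink_protection_disabled; then
    echo "fs.protected_hardlinks is disabled by configuration"
fi
```

On a live host, feed it the concatenated sysctl configuration files in the order they are applied and compare the result with the running value in `/proc/sys/fs/protected_hardlinks`.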


