[openstack-dev] [nova] Libguestfs: possibility not to use it, even when installed ?
Daniel P. Berrange
berrange at redhat.com
Mon Feb 23 11:04:49 UTC 2015
On Mon, Feb 23, 2015 at 11:52:29AM +0100, Raphael Glon wrote:
> On 02/23/2015 11:23 AM, Daniel P. Berrange wrote:
> >The alternative Nova implementation is *not* using fuse, it is using real
> >mounts on the host FS. This is not a potential issue, it is an *actual*
> >issue. There have been bugs in Linux filesystem drivers, including ext4,
> >that would have allowed a malicious kernel image to crash and/or exploit
> >the host kernel if mounted.
> >
> > http://libguestfs.org/guestfs.3.html#security-of-mounting-filesystems
>
> Ok noted -> so why is losetup or qemu-nbd still proposed by nova and still
> the default method?
The libguestfs method takes priority if it is installed on the host, but
the legacy code still exists for the benefit of existing deployed setups
and drivers which don't have qemu/kvm available, e.g. LXC containers.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|