[Openstack] [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)

Matt Joyce matt.joyce at cloudscaling.com
Tue Aug 14 18:30:29 UTC 2012


I have to ask.  Wasn't FUSE designed to do a lot of this stuff?  It is
userspace and it doesn't do nasty stuff to file systems.  Why aren't we
going that route?

-Matt

On Tue, Aug 14, 2012 at 11:05 AM, Richard W.M. Jones <rich at annexia.org> wrote:

> On Wed, Aug 08, 2012 at 11:08:48AM +0100, Daniel P. Berrange wrote:
> > Also note that current work is being done to make libguestfs use
> > libvirt to launch its appliance VMs, at which point libguestfs VMs
> > will be strongly confined by sVirt (SELinux/AppArmor), and also
> > able to run as a separate user ID.
>
> Thanks for the advert Dan :-)
>
> If you've got libguestfs >= 1.19.25, then you can in fact already use
> libvirt to manage the appliance.  You just need to set the environment
> variable LIBGUESTFS_ATTACH_METHOD=libvirt before running the
> libguestfs-using tool.
>
> SELinux confinement is nearly working too.  I'm just waiting on a
> change to the SELinux policy before it's done.
>
> Fedora 18 will have all the necessary bits.
>
> Rich.
>
> --
> Richard Jones
> Red Hat