[Openstack] How do I stop image-create from using /tmp?

Daniel P. Berrange berrange at redhat.com
Mon Jul 2 09:48:16 UTC 2012


On Sat, Jun 30, 2012 at 09:25:10PM -0400, Lars Kellogg-Stedman wrote:
> > So, maybe setting any of these environment variables for nova-compute
> > to the desired value should help.
> 
> Yeah, I was expecting that.
> 
> Given that this could easily take out a compute host I'd like to see
> it get an explicit configuration value (or default to instance_dir, I
> guess).

In Fedora 18, /tmp is going to be a RAM filesystem, so we absolutely
must not create any sizeable files on /tmp.

In addition from a security POV, we must aim to *never* use /tmp for
anything at all

  http://danwalsh.livejournal.com/11467.html

It would be good to do a thorough audit of the code to make sure
nothing is using the tmpfile functions without explicitly specifying
a directory path that is private to the OpenStack daemon in question.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
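
One way to start the audit suggested above, as an added example that is not part of the original post or of OpenStack's code: a static check that parses Python source and reports calls to the tempfile functions that do not pass an explicit dir. The sample source and the STATE_DIR path are constructed for illustration, and the check is a heuristic (it only recognises dir passed by keyword, or as the third positional argument of mkstemp, mkdtemp, mktemp and TemporaryDirectory).

```python
import ast

# tempfile functions that fall back to $TMPDIR or /tmp when no dir is given
TEMPFILE_FUNCS = {"mkstemp", "mkdtemp", "mktemp", "TemporaryDirectory",
                  "NamedTemporaryFile", "TemporaryFile", "SpooledTemporaryFile"}
# Functions whose third positional argument is `dir`
DIR_IS_THIRD_ARG = {"mkstemp", "mkdtemp", "mktemp", "TemporaryDirectory"}

# Constructed sample input; STATE_DIR is a hypothetical daemon-private path
SAMPLE = '''import tempfile
from tempfile import mkdtemp as make_dir
STATE_DIR = "/var/lib/exampled/tmp"
fd, path = tempfile.mkstemp(suffix=".img")
ok = tempfile.mkstemp(dir=STATE_DIR)
work = make_dir()
ok2 = make_dir("", "snap-", STATE_DIR)
f = tempfile.NamedTemporaryFile(dir=None)
'''


def find_default_tmp_calls(source, filename="<string>"):
    """Return sorted (line, function) pairs for tempfile calls lacking a dir."""
    tree = ast.parse(source, filename)
    modules, names = set(), {}  # aliases of the module / of imported functions
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(a.asname or a.name for a in node.names
                           if a.name == "tempfile")
        elif isinstance(node, ast.ImportFrom) and node.module == "tempfile":
            names.update({a.asname or a.name: a.name for a in node.names
                          if a.name in TEMPFILE_FUNCS})
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id in modules and f.attr in TEMPFILE_FUNCS):
            func = f.attr
        elif isinstance(f, ast.Name) and f.id in names:
            func = names[f.id]
        else:
            continue
        dir_arg = next((k.value for k in node.keywords if k.arg == "dir"), None)
        if dir_arg is None and func in DIR_IS_THIRD_ARG and len(node.args) >= 3:
            dir_arg = node.args[2]
        # No dir, or a literal dir=None, means the system default is used
        if dir_arg is None or (isinstance(dir_arg, ast.Constant)
                               and dir_arg.value is None):
            findings.append((node.lineno, func))
    return sorted(findings)
```

A reported line still needs a human look: a dir supplied through **kwargs or through a wrapper function is not visible to this check.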
