[Openstack] How do I stop image-create from using /tmp?
Matt Joyce
matt.joyce at cloudscaling.com
Mon Jul 2 17:24:02 UTC 2012
I like the idea of making this a flagfile option.
On Mon, Jul 2, 2012 at 2:48 AM, Daniel P. Berrange <berrange at redhat.com>wrote:
> On Sat, Jun 30, 2012 at 09:25:10PM -0400, Lars Kellogg-Stedman wrote:
> > > So, maybe setting any of this environment variables for nova-compute
> > > to desired value sholuld help.
> >
> > Yeah, I was expecting that.
> >
> > Given that this could easily take out a compute host I'd like to see
> > it get an explicit configuration value (or default to instance_dir, I
> > guess).
>
> In Fedora 18, /tmp is going to be a RAM filesystem, so we absolutely
> must not create any sizeable files on /tmp.
>
> In addition from a security POV, we must aim to *never* use /tmp for
> anything at all
>
> http://danwalsh.livejournal.com/11467.html
>
> It would be good to do a thorough audit of the code to make sure
> nothing is using the tmpfile functions without explicitly specifying
> a directory path that is private to the OpenStack daemon in question.
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/:|
> |: http://libvirt.org -o- http://virt-manager.org:|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/:|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc:|
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120702/4294ceee/attachment.html>
More information about the Openstack
mailing list