[Openstack] How do I stop image-create from using /tmp?

Matt Joyce matt.joyce at cloudscaling.com
Mon Jul 2 17:24:02 UTC 2012


I like the idea of making this a flagfile option.

On Mon, Jul 2, 2012 at 2:48 AM, Daniel P. Berrange <berrange at redhat.com> wrote:

> On Sat, Jun 30, 2012 at 09:25:10PM -0400, Lars Kellogg-Stedman wrote:
> > > So, maybe setting any of these environment variables for nova-compute
> > > to desired value should help.
> >
> > Yeah, I was expecting that.
> >
> > Given that this could easily take out a compute host I'd like to see
> > it get an explicit configuration value (or default to instance_dir, I
> > guess).
>
> In Fedora 18, /tmp is going to be a RAM filesystem, so we absolutely
> must not create any sizeable files on /tmp.
>
> In addition from a security POV, we must aim to *never* use /tmp for
> anything at all
>
>   http://danwalsh.livejournal.com/11467.html
>
> It would be good to do a thorough audit of the code to make sure
> nothing is using the tmpfile functions without explicitly specifying
> a directory path that is private to the OpenStack daemon in question.
>
> Regards,
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/:|
> |: http://libvirt.org              -o-             http://virt-manager.org:|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/:|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc:|
>
>
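
Added example, not part of the original thread or of OpenStack's code: one way to run the audit suggested above, as a Python AST scan that reports tempfile calls made without an explicit private directory. It assumes Python 3 tempfile signatures; SAMPLE is constructed and conf.image_tmp_dir is a hypothetical option name.

```python
import ast

# Python 3 tempfile callables -> positional index of their `dir` parameter.
DIR_INDEX = {"mkstemp": 2, "mkdtemp": 2, "TemporaryDirectory": 2,
             "NamedTemporaryFile": 6, "TemporaryFile": 6, "SpooledTemporaryFile": 7}

# Constructed sample; conf.image_tmp_dir is a hypothetical config option.
SAMPLE = '''\
import tempfile
from tempfile import mkdtemp as make_dir
def snapshot(conf):
    fd, path = tempfile.mkstemp(suffix=".img")
    work = make_dir(dir=conf.image_tmp_dir)
    spool = tempfile.NamedTemporaryFile(dir="/tmp")
'''

def _shared_tmp(node):
    """True if the dir argument is a literal that still resolves to /tmp."""
    v = node.value if isinstance(node, ast.Constant) else ""  # non-literal: assume configured
    return v is None or (isinstance(v, str) and (v == "/tmp" or v.startswith("/tmp/")))

def audit(source, filename="<string>"):
    """Return sorted (line, function, reason) for tempfile calls that land in /tmp."""
    tree = ast.parse(source, filename)
    modules, names = set(), {}  # aliases of the module and of imported functions
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(a.asname or a.name for a in node.names if a.name == "tempfile")
        elif isinstance(node, ast.ImportFrom) and node.module == "tempfile":
            names.update({a.asname or a.name: a.name for a in node.names})
    findings = []
    for node in ast.walk(tree):
        f, func = (node.func if isinstance(node, ast.Call) else None), None
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name) and f.value.id in modules:
            func = f.attr
        elif isinstance(f, ast.Name):
            func = names.get(f.id)
        if func not in DIR_INDEX:
            continue
        dir_arg = next((k.value for k in node.keywords if k.arg == "dir"), None)
        if dir_arg is None and len(node.args) > DIR_INDEX[func]:
            dir_arg = node.args[DIR_INDEX[func]]
        if dir_arg is None or _shared_tmp(dir_arg):
            reason = "no dir argument" if dir_arg is None else "dir is None or under /tmp"
            findings.append((node.lineno, func, reason))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Calls that pass the directory through **kwargs are reported as missing a dir argument and need a manual look.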

