Hey Rich,

On Wed, 2011-11-09 at 18:23 +0000, Richard W.M. Jones wrote:
> At the moment OpenStack uses kpartx and nbd to resize filesystems and
> inject files to guests. I sincerely hope they don't allow untrusted
> users to upload guest images / AMIs :-(

I'm not saying the current situation is ideal, but could you talk me through exactly what the concerns are with what OpenStack is currently doing with potentially untrusted images?

Is it this one?

  http://libguestfs.org/guestfs.3.html#security_of_mounting_filesystems

  "there are very many filesystem drivers in the kernel, and many of them are infrequently used and not much developer attention has been paid to the code. Linux userspace helps potential crackers by detecting the filesystem type and automatically choosing the right VFS driver, even if that filesystem type is obscure or unexpected for the administrator."

I guess passing e.g. '-t ext2,ext3' to the mount command would mitigate this?

Any other glaring issues with what it's doing?

> To fix this I'm looking into adding libguestfs support as an optional
> backend in OpenStack.

Awesome!

> The only missing feature in libguestfs is the ability to call tune2fs
> on a filesystem. This patch series adds tune2fs support. This also
> reveals a few bugs in the generator when you start to have calls with
> lots of required and optional parameters.

Cool stuff.

Cheers,
Mark.
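
The '-t ext2,ext3' allowlist idea raised in the message above, as an added example that is not part of the original thread or of OpenStack or libguestfs: it reads the ext superblock of a guest volume, refuses anything that is not plain ext2 or ext3, and only then builds a mount command with an explicit type. The function names, mount options and sample volumes are assumptions made for illustration; the check only keeps an unexpected filesystem driver from being selected and does not validate the ext2/ext3 structures themselves.

```python
import struct

SB_OFFSET = 1024        # ext superblock starts 1024 bytes into the volume
SB_NEEDED = 104         # enough bytes to cover the fields read below
EXT_MAGIC = 0xEF53      # s_magic, little-endian u16 at superblock offset 56
COMPAT_HAS_JOURNAL = 0x4
INCOMPAT_RECOVER = 0x4
# Feature bits the ext2/ext3 drivers understand; any other bit means ext4 or newer.
EXT3_INCOMPAT_OK = 0x2 | 0x4 | 0x10    # FILETYPE | RECOVER | META_BG
EXT3_RO_COMPAT_OK = 0x1 | 0x2 | 0x4    # SPARSE_SUPER | LARGE_FILE | BTREE_DIR
ALLOWED = ("ext2", "ext3")             # allowlist from the '-t ext2,ext3' suggestion


def classify(volume: bytes):
    """Return 'ext2' or 'ext3' for a volume prefix, or None for anything else."""
    sb = volume[SB_OFFSET:SB_OFFSET + SB_NEEDED]
    if len(sb) < SB_NEEDED:
        return None
    (magic,) = struct.unpack_from("<H", sb, 56)
    compat, incompat, ro_compat = struct.unpack_from("<III", sb, 92)
    if magic != EXT_MAGIC:
        return None
    if incompat & ~EXT3_INCOMPAT_OK or ro_compat & ~EXT3_RO_COMPAT_OK:
        return None     # ext4-only features or a journal device: not allowlisted
    if compat & COMPAT_HAS_JOURNAL:
        return "ext3"
    # A recovery flag without a journal is inconsistent, so reject it.
    return None if incompat & INCOMPAT_RECOVER else "ext2"


def mount_argv(volume: bytes, device: str, mountpoint: str):
    """Build a mount command that names the driver instead of letting it be guessed."""
    fstype = classify(volume)
    if fstype not in ALLOWED:
        raise ValueError("refusing to mount: volume is not ext2/ext3")
    # nosuid,nodev,noexec are an added assumption, not something the thread proposes.
    return ["mount", "-t", fstype, "-o", "nosuid,nodev,noexec", device, mountpoint]


def make_sample(compat=0, incompat=0x2, ro_compat=0x1, magic=EXT_MAGIC):
    """Constructed sample: a zeroed 2 KiB volume with only the inspected fields set."""
    vol = bytearray(2048)
    struct.pack_into("<H", vol, SB_OFFSET + 56, magic)
    struct.pack_into("<III", vol, SB_OFFSET + 92, compat, incompat, ro_compat)
    return bytes(vol)


if __name__ == "__main__":
    print(mount_argv(make_sample(compat=0x4), "/dev/nbd0p1", "/mnt/guest"))
```
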