So far, your assessment is spot on from what we've seen. A migration (if you have live migrate that's even better) should net the same result for QEMU. Some have floated the idea of live migrate within the same host. I don't know if nova out of the box would support such a thing.
Thanks! Matt From: Tim Bell <tim.b...@cern.ch<mailto:tim.b...@cern.ch>> Date: Wednesday, May 13, 2015 9:31 AM To: "openstack-operators@lists.openstack.org<mailto:openstack-operators@lists.openstack.org>" <openstack-operators@lists.openstack.org<mailto:openstack-operators@lists.openstack.org>> Subject: [Openstack-operators] Venom vulnerability Looking through the details of the Venom vulnerability, https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/, it would appear that the QEMU processes need to be restarted. Our understanding is thus that a soft reboot of the VM is not sufficient but a hard one would be OK. Some quick tests have shown that a suspend/resume of the VM also causes a new process. How are others looking to address this vulnerability ? (I guess the security session will have a few extra people signing up in Vancouver now...) Tim
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
