Reviewed: https://review.openstack.org/327624
Committed:
https://git.openstack.org/cgit/openstack/nova/commit/?id=6bc37dcceca823998068167b49aec6def3112397
Submitter: Jenkins
Branch: stable/liberty
commit 6bc37dcceca823998068167b49aec6def3112397
Author: Daniel P. Berrange <berra...@redhat.com>
Date: Mon Apr 18 16:32:19 2016 +0000
virt: set address space & CPU time limits when running qemu-img
This uses the new 'prlimit' parameter for oslo.concurrency execute
method, to set an address space limit of 1GB and CPU time limit
of 2 seconds, when running qemu-img.
This is a re-implementation of the previously reverted commit
commit da217205f53f9a38a573fb151898fbbeae41021d
Author: Tristan Cacqueray <tdeca...@redhat.com>
Date: Wed Aug 5 17:17:04 2015 +0000
virt: Use preexec_fn to ulimit qemu-img info call
NOTE (kchamart) [stable/liberty]: Add a check for the presence of
'ProcessLimits' attribute (which is only present in
oslo.concurrency>=2.6.1; and a conditional check for 'prlimit' parameter
in qemu_img_info() method.
Upstream discussion[1][2] that led to merging this patch to
stable/liberty branch.
[1]
http://lists.openstack.org/pipermail/openstack-dev/2016-September/104091.html
[2]
http://lists.openstack.org/pipermail/openstack-dev/2016-September/104303.html
Closes-Bug: #1449062
Change-Id: I135b5242af1bfdcb0ea09a6fcda21fc03a6fbe7d
(cherry picked from commit 068d851561addfefb2b812d91dc2011077cb6e1d)
** Changed in: cloud-archive/liberty
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1449062
Title:
qemu-img calls need to be restricted by ulimit (CVE-2015-5162)
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1449062/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
