Comment 6 for bug 2039381

reviewing the steps rene performed and the initial bug description this work flow is not supported

nova has never supported attaching a volume to a guest via the cidner API
and detaching it has been explicitly blocked due to the cve exposures

so for nova i belive this is invalid.

cinder likely should prevent normal user form creating attachments for a nova instance with the same mitigation as the detach case.

creating a volume attachment for a nova instance should require a service token with the service role
just as delete does.