O.k., more trouble: the patch for glance is using the output of "qemu-img info" in order to decide whether to reject the image, which I though was to be avoided? In addition, when using a file that is not world-readable as data_file, that command will simply error out with:
$ qemu-img info ~/devstack/disk.qcow2
qemu-img: Could not open '/home/ubuntu/devstack/disk.qcow2': Could not open '/etc/sudoers': Permission denied
and thus the check will not trigger and consequently will still accept the malicious image.
O.k., more trouble: the patch for glance is using the output of "qemu-img info" in order to decide whether to reject the image, which I though was to be avoided? In addition, when using a file that is not world-readable as data_file, that command will simply error out with:
$ qemu-img info ~/devstack/ disk.qcow2 ubuntu/ devstack/ disk.qcow2' : Could not open '/etc/sudoers': Permission denied
qemu-img: Could not open '/home/
and thus the check will not trigger and consequently will still accept the malicious image.