Comment 65 for bug 2059809
Revision history for this message
| Dan Smith (danms) wrote Re: Arbitrary file access through QCOW2 external data file | #65 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
So glance has a format_inspector module that has almost all of what we need to detect the two conditions we need to avoid safely. My proposal would be to extend that in glance to do what we need, graft the relevant portions of that into nova and cinder in the short term, and then move it to oslo.something in the long-term so it can be used by the other projects from a central location.
Right after this I will attach a patch against glance that updates it to detect the data-file and backing-file conditions with a helper utility function to do that with just a filename. I'll also attach a replacement patch for glance making it use that method instead of the qemu-img-based one for detection prior to ever running qemu-img on a file. If that plan and those patches look good to people, I'll work on the graft for nova, which can be used as a basis for cinder.