Comment 18 for bug 2071740
Revision history for this message
| Dmitry Tantsur (divius) wrote Re: Hardening: don't run qemu-img with unvalidated image data | #18 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
A positive side effect: doing it in ironic-lib will enforce that no access to qemu bypasses the security checks (ignoring the ansible deploy, which I"m not even sure we should fix given its nature). Judging by comment 16, it's still happening now.