nova config json owned by nova instead of root

Bug #1539388 reported by Steven Dake on 2016-01-29
This bug affects 1 person
Affects: kolla
Importance: Medium
Assigned to: Steven Dake

Bug Description

This is a security risk, as a container breakout could alter the nova.conf in seriously detrimental ways, possibly even being able to root the entire data center by modifying nova's interaction with libvirt.

Steven Dake (sdake) on 2016-01-29
Changed in kolla:
status: New → Confirmed
importance: Undecided → Critical
milestone: none → mitaka-3
assignee: nobody → Steven Dake (sdake)
Steven Dake (sdake) wrote :

At the midcycle we determined there is no way to rectify this problem. We can rectify the rootwrap file ownership problem, however, which we will do as part of the drop root blueprint.

Changed in kolla:
importance: Critical → Medium
status: Confirmed → Invalid