[OSSA 2016-001] Unprivileged api user can access host data using instance snapshot (CVE-2015-7548)

Bug #1531938 reported by Adam Heczko
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mirantis OpenStack | New | High | MOS Nova | |
| 7.0.x | New | High | MOS Maintenance | |

Bug Description

Problem description:
There is a qcow2 format vulnerability in Nova's LibvirtDriver.snapshot method. The impact is that on an affected system, an unprivileged api user can retrieve any file on the host readable by the nova user. This includes guest data of other instances on the same host, and credentials used by nova to access other services externally.

LibvirtDriver.snapshot does:

    source_format = libvirt_utils.get_disk_type(disk_path)
    ...
    snapshot_backend = self.image_backend.snapshot(instance,
        disk_path,
        image_type=source_format)
    ...
    snapshot_backend.snapshot_extract(out_path, image_format)

libvirt_utils.get_disk_type falls back to image inspection for disks which are not lvm, rbd or ploop, which means raw and qcow2 images.
The vulnerability only exists when a user can write to a raw volume which is later erroneously detected as qcow2. This means that the vulnerability is only present on systems using the libvirt driver which have defined use_cow_images=False in nova.conf. This is not the default, so by default nova is not vulnerable.

Affected versions:
MOS 7.0, upcoming 8.0 (probably)

Upstream bug report:
https://bugs.launchpad.net/nova/+bug/1524274

Solution proposal:
Merge upstream patches into MOS maintenance updates.
- https://review.openstack.org/264819 (Kilo)
- https://review.openstack.org/264820 (Kilo)
- https://review.openstack.org/264821 (Kilo)
- https://review.openstack.org/264815 (Liberty)
- https://review.openstack.org/264816 (Liberty)
- https://review.openstack.org/264817 (Liberty)
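
The failure mode described above (a raw disk whose guest-written first bytes make it probe as qcow2) can be checked for on a host configured with use_cow_images=False. The following is an added example, not code from Nova or from the upstream patches; the function names and the sample headers are assumptions constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"  # first four bytes of every qcow2 image


def probe_format(header: bytes) -> str:
    """Content-based guess, i.e. the kind of image inspection the report describes.

    The bytes come from the disk itself, which the guest can write to.
    """
    if len(header) >= 8 and header[:4] == QCOW2_MAGIC:
        (version,) = struct.unpack(">I", header[4:8])
        if version in (2, 3):
            return "qcow2"
    return "raw"


def snapshot_source_format(use_cow_images: bool, header: bytes):
    """Pick the format from host configuration, never from disk content.

    Returns (format, suspicious). suspicious is True when the host is
    configured for raw disks but the content probes as qcow2.
    """
    configured = "qcow2" if use_cow_images else "raw"
    suspicious = configured == "raw" and probe_format(header) == "qcow2"
    return configured, suspicious


def audit_raw_host(disks: dict) -> list:
    """Names of disks on a use_cow_images=False host that probe as qcow2."""
    return sorted(
        name for name, header in disks.items()
        if snapshot_source_format(False, header)[1]
    )


# Constructed sample data: the first 512 bytes of three hypothetical raw disks.
SAMPLE_DISKS = {
    "instance-a/disk": b"\x00" * 512,                                    # empty disk
    "instance-b/disk": QCOW2_MAGIC + struct.pack(">I", 3) + b"\x00" * 504,  # qcow2 magic
    "instance-c/disk": b"\xeb\x63\x90" + b"\x00" * 509,                  # boot sector
}

if __name__ == "__main__":
    for name in audit_raw_host(SAMPLE_DISKS):
        print(f"{name}: configured raw, content probes as qcow2")
```

A flagged disk is one where format inspection and configuration disagree; any tool that then opens the disk should be given the configured format explicitly rather than being left to detect it.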

Changed in mos:
importance: Undecided → High
milestone: none → 8.0
assignee: nobody → MOS Nova (mos-nova)
This report contains Public Security information  
Everyone can see this security related information.