xenapi: secgroups are not in place for a short duration after live-migration

Bug #1224587 reported by John Garbutt on 2013-09-12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)

Bug Description

The previous bug on security groups was only a partial fix:

There is a small amount of time where the security group is not in place.

The full fix for this may be possible using XenServer hooks, but may require modifications to XenServer.

(this is a security bug has already been made public in the other bugs around this issue)

Kurt Seifried (kseifried) wrote :

Does this issue require a CVE?

John Garbutt (johngarbutt) wrote :

I thought it was mentioned in an existing CVE around the fix.

John Garbutt (johngarbutt) wrote :

The best fix involves XenAPI starting the instance paused, so nova can make changes, maybe in a hook, maybe then starting the instance. Either way, needs XenServer changes really :(

Sean Dague (sdague) wrote :

Definitely not Triaged

Changed in nova:
status: Triaged → Confirmed
importance: Medium → Low
Sean Dague (sdague) wrote :

Marking as low as it is a single hypervisor backend

Changed in nova:
assignee: nobody → huan (huan-xie)
status: Confirmed → In Progress
Bob Ball (bob-ball) wrote :

Sorry - my mistake. I thought Huan's change fixed this; I don't believe so now and need further thought.

Changed in nova:
assignee: huan (huan-xie) → nobody
Changed in nova:
status: In Progress → Confirmed

This is an automated cleanup. This bug report has been closed because it
is older than 18 months and there is no open code change to fix this.
After this time it is unlikely that the circumstances which lead to
the observed issue can be reproduced.

If you can reproduce the bug, please:
* reopen the bug report (set to status "New")
* AND add the detailed steps to reproduce the issue (if applicable)
* AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>"
  Only still supported release names are valid (LIBERTY, MITAKA, OCATA, NEWTON).

Changed in nova:
importance: Low → Undecided
status: Confirmed → Expired
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers