OpenStack Compute (nova)

Instance Lock should protect Snapshot

Bug #1314741 reported by Justin Hopper
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Invalid
Undecided
Unassigned

Bug Description

The use of instance lock should be to prevent unwanted modification of the underlying VM. In the case of Trove, we are using it to help lock down instances to ensure integrity and protect secrets which are needed by the resident Trove Agent. Even though we lock a machine, the end-user can still take a snapshot of the instance to create an image, then restore the image in an unrestricted manner. Once they have access to this restored image, it can up the Trove Control Plane for compromise. Simply adding a check_instance_lock around live_instance_snapshot and snapshot would be sufficient.

Tags: compute
Justin Hopper (justin-hopper)
summary: - Instance Lock still allows Snapshot/Restore
+ Instance Lock should protect Snapshot/Restore
summary: - Instance Lock should protect Snapshot/Restore
+ Instance Lock should protect Snapshot
Tracy Jones (tjones-i)
tags: added: compute
melanie witt (melwitt)
Changed in nova:
assignee: nobody → Melanie Witt (melwitt)
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/99910

Changed in nova:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by melanie witt (<email address hidden>) on branch: master
Review: https://review.openstack.org/99910
Reason: Based on ML thread [1] snapshot should be allowed for locked instances. Instance lock is a feature for preventing accidental change/deletion of instances and isn't intended to lock out voluntary actions or protect the content of an instance.

[1] http://lists.openstack.org/pipermail/openstack-dev/2014-June/037853.html

melanie witt (melwitt)
Changed in nova:
importance: Medium → Undecided
status: In Progress → Invalid
melanie witt (melwitt)
Changed in nova:
assignee: melanie witt (melwitt) → nobody
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to nova (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/101972

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (master)

Reviewed: https://review.openstack.org/101972
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=1c88b2d9cb097c27cab71dc52ae92bf66f3e8d0d
Submitter: Jenkins
Branch: master

commit 1c88b2d9cb097c27cab71dc52ae92bf66f3e8d0d
Author: melanie witt <email address hidden>
Date: Mon Jun 23 18:18:13 2014 +0000

    add comment about why snapshot/backup have no lock check

    This comment is intended to reduce further confusion about why a
    lock check hasn't been implemented for snapshot and backup.

    Change-Id: I8d89ca7b15d6713221af2d0535f9ed338ca70612
    Related-Bug: #1314741

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.