ok. so i've not been able to actually exploit this on my oneiric development system which is running trunk with 'novascript'.
What I was trying was:
* upload a kernel $AKI
* create ramdisk $ARI that functions as a root device with ssh (i was able to re-use the root filesystem from ttylinux.tar.gz image, I just had to create a symlink to /sbin/init from /init and bundle it as a initramfs friendly cpio archive).
After that, I can boot an instance with that kernel and intiramfs and have access to the disk that I upload.
Then, i had a running instance that has access /dev/vda.
However, when i create a image like 'qemu-img create -f qcow2 -b /home/ubuntu/src/nova/instances/instance-00000054/disk backed-by-i054.img' and upload that with the given AKI and ARI from above, I get permission denied errors in the log. This is obviously good, but i'm not quite sure why i'm getting them.
So, to be fair, at this point i have not actually been able to exploit this.
ok. so i've not been able to actually exploit this on my oneiric development system which is running trunk with 'novascript'.
What I was trying was:
* upload a kernel $AKI
* create ramdisk $ARI that functions as a root device with ssh (i was able to re-use the root filesystem from ttylinux.tar.gz image, I just had to create a symlink to /sbin/init from /init and bundle it as a initramfs friendly cpio archive).
After that, I can boot an instance with that kernel and intiramfs and have access to the disk that I upload.
Then, i had a running instance that has access /dev/vda.
However, when i create a image like 'qemu-img create -f qcow2 -b /home/ubuntu/ src/nova/ instances/ instance- 00000054/ disk backed-by-i054.img' and upload that with the given AKI and ARI from above, I get permission denied errors in the log. This is obviously good, but i'm not quite sure why i'm getting them.
So, to be fair, at this point i have not actually been able to exploit this.