Comment 7 for bug 1227027

Daniel Berrange (berrange) wrote : Re: Insecure directory permissions with snapshot code

The issue isn't sharing between libvirt & nova, it is sharing between QEMU & nova.

Having the directory be group writable shared between Nova & QEMU is really not a good idea, because it opens up an avenue for a compromised QEMU to attack Nova.

IMHO, if Nova needs to access files that are owned by the QEMU user, then it should be using rootwrap or some other kind of helper, not try to make them writable by two different user accounts which are intended to be privilege separated.
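A defender-side check for the condition this comment describes, as an added example that is not part of the original comment or of Nova's code: it walks a tree and reports every directory writable by group or others, with its owner, group and sticky-bit state. The function name `audit_shared_dirs` and the directory names in the demo are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_shared_dirs(root):
    """Report directories under root that are writable by group or others.

    Write access on a directory lets a second account create, rename or
    delete entries in it, which is the cross-account exposure at issue.
    The sticky bit limits deletion and renaming to each entry's owner.
    """
    findings = []
    # followlinks=False: never descend through symlinked directories.
    for dirpath, _dirnames, _files in os.walk(root, followlinks=False):
        st = os.stat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append({
                "path": dirpath,
                "mode": oct(mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
                "group_writable": bool(mode & stat.S_IWGRP),
                "other_writable": bool(mode & stat.S_IWOTH),
                "sticky": bool(mode & stat.S_ISVTX),
            })
    return findings


if __name__ == "__main__":
    # Constructed sample tree; names and modes are illustrative only.
    with tempfile.TemporaryDirectory() as top:
        for name, mode in (("snapshots", 0o770), ("private", 0o750)):
            path = os.path.join(top, name)
            os.mkdir(path)
            os.chmod(path, mode)  # explicit chmod so umask does not matter
        for finding in audit_shared_dirs(top):
            print(finding)
```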