OpenStack Compute (nova)

  1. Series newton
  2. Bug #1649527
  3. Comment #21

Comment 21 for bug 1649527

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/411936
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=847952927c60ed0577bc835adf607ed7b8f15240
Submitter: Jenkins
Branch: master

commit 847952927c60ed0577bc835adf607ed7b8f15240
Author: Neil Jerram <email address hidden>
Date: Fri Dec 16 17:49:59 2016 +0000

    libvirt: avoid generating script with empty path

    Previously, libvirt just appended 'script=' onto the QEMU cmd line
    according to what <script path=''/> contained, letting QEMU execute the
    script. That was flawed from security POV (you don't want QEMU to be
    allowed to execute anything), so newer libvirt (as of [1]) executes the
    script now. But the libvirt code doesn't allow this corner case (of
    allowing and ignoring an empty script path) whereas apparently the QEMU
    code does.

    So the Nova setting of '' used to work by accident, but now does not.

    [1]
    http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=9c17d66 (autocreate
    tap device for ethernet network type)

    Closes-Bug: #1649527
    Change-Id: I4f97c05e2dec610af22a5150dd27696e1d767896