Comment 0 for bug 1251590
Revision history for this message
| Loganathan Parthipan (parthipan) wrote Live migration can leak root disk into ephemeral storage | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
During pre-live-migration required disks are created along with their backing files (if they don't already exist). However, the root disk is used even for ephemeral backing file.
1. If the required ephemeral backing file is present then there's no issue.
2. If the required ephemeral backing file is not already present, then the root disk is downloaded and saved as the ephemeral backing file. This will result in the following situations:
2.1 The disk.local transferred during live-migration will be rebased on the ephemeral backing file so regardless of the content, the end result will be identical to the source disk.local.
2.2 However, if a new instance of the same flavor is spawned on this compute node, then it will have an ephemeral storage that exposes a root disk.
Security concerns:
If the migrated VM was spawned off a snapshot, now it's possible for any instances of the correct flavor to see the snapshot contents via the ephemeral storage.