Comment 6 for bug 1996188
Revision history for this message
| Dan Smith (danms) wrote Re: Arbitrary file access through custom VMDK flat descriptor | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
The backing file check in fetch_image() only applies to qcow2, not vmdk. If we make it to there with a VMDK file, the backing_file check won't apply and we'll do the bad thing during the raw conversion.
That said, I just realized that our image type support for libvirt does not declare that we support VMDK. That means *if* you have that feature enabled, we won't ever send instances to libvirt computes if a VMDK image is used. That further limits the scope of impacted people (and versions), but I think if you have that disabled, you'll still get there.
I assume the reporter was using the libvirt driver but I suppose it's worth checking.
Either way, I'm testing a patch to detect/reject this in nova now.