mount_check does not prevent writing to root mount
Bug #1470576 reported by
Doug Mayer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Released
|
Medium
|
Ben Martin |
Bug Description
Running Swift 2.2.2 on Ubuntu 14.04 x64.
/etc/swift/
[DEFAULT]
mount_check = true
When the drive-audit service unmounts a failing drive, the object-server service creates a directory in the root mount and syncs files into it, filling up the root partition.
As a workaround (though we'll see a lot of errors in the logs), we are able to chown /srv/node to root, preventing the swift user from writing to it after an unmount.
CVE References
Changed in swift: | |
assignee: | nobody → Ben Martin (blmartin) |
Changed in swift: | |
status: | Confirmed → In Progress |
Changed in swift: | |
milestone: | none → 2.4.0 |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I don't think mount_check was meant to prevent that behavior (It's for the quick 507 support) - but it *is* very annoying.
... somewhere there's a makedirs call that we need to replace with something custom that won't create directories in the configured devices.