Hey Rich,
On Wed, 2011-11-09 at 18:23 +0000, Richard W.M. Jones wrote:
> At the moment OpenStack uses kpartx and nbd to resize filesystems and
> inject files to guests. I sincerely hope they don't allow untrusted
> users to upload guest images / AMIs :-(
I'm not saying the current situation is ideal, but could you talk me
through exactly what the concerns are with what OpenStack is currently
doing with potentially untrusted images?
Is it this one?
http://libguestfs.org/guestfs.3.html#security_of_mounting_filesystems
"there are very many filesystem drivers in the kernel, and many of
them are infrequently used and not much developer attention has been
paid to the code. Linux userspace helps potential crackers by
detecting the filesystem type and automatically choosing the right
VFS driver, even if that filesystem type is obscure or unexpected for
the administrator."
I guess passing e.g. '-t ext2,ext3' to the mount command would mitigate
this?
Any other glaring issues with what it's doing?
> To fix this I'm looking into adding libguestfs support as an optional
> backend in OpenStack.
Awesome!
> The only missing feature in libguestfs is the ability to call tune2fs
> on a filesystem. This patch series adds tune2fs support. This also
> reveals a few bugs in the generator when you start to have calls with
> lots of required and optional parameters.
Cool stuff.
Cheers,
Mark.
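As an added illustration of the mitigation discussed in the thread (not code from the thread, OpenStack or libguestfs): instead of letting the kernel autodetect the filesystem of an untrusted image, the host inspects the ext superblock itself, refuses anything outside an ext2/ext3 allowlist, and builds a mount command that pins the type with `-t`. The superblock offsets and feature flags are the documented ext2/3/4 on-disk layout; the ext2/ext3/ext4 classification is a simplified heuristic (journal and extents/64bit flags), and the sample images are constructed in memory.

```python
import struct

# ext superblock lives 1024 bytes into the volume; field offsets are from the
# ext2/3/4 on-disk layout (s_magic, s_feature_compat, s_feature_incompat).
SB_OFFSET = 1024
EXT_MAGIC = 0xEF53
COMPAT_HAS_JOURNAL = 0x0004   # ext3 and later journal
INCOMPAT_EXTENTS = 0x0040     # ext4-only features
INCOMPAT_64BIT = 0x0080

# Types the host is prepared to mount; everything else is rejected up front,
# mirroring the '-t ext2,ext3' idea from the thread.
ALLOWED_TYPES = ("ext2", "ext3")


def probe_ext_type(image: bytes):
    """Classify an image as ext2/ext3/ext4 from its superblock, or None.

    Simplified heuristic: extents or 64bit => ext4, journal => ext3, else ext2.
    """
    sb = image[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 1024:
        return None
    (magic,) = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT_MAGIC:
        return None
    compat, incompat = struct.unpack_from("<II", sb, 0x5C)
    if incompat & (INCOMPAT_EXTENTS | INCOMPAT_64BIT):
        return "ext4"
    if compat & COMPAT_HAS_JOURNAL:
        return "ext3"
    return "ext2"


def mount_argv(image: bytes, image_path: str, mountpoint: str):
    """Return a mount argv with the type pinned, or None if the image is not allowed."""
    fstype = probe_ext_type(image)
    if fstype not in ALLOWED_TYPES:
        return None
    # Explicit -t stops the kernel from picking an obscure VFS driver for us;
    # ro/nodev/nosuid/noexec limit what a hostile image can do once mounted.
    return ["mount", "-t", fstype, "-o", "ro,loop,nodev,nosuid,noexec",
            image_path, mountpoint]


def make_image(compat: int, incompat: int, magic: int = EXT_MAGIC) -> bytes:
    """Constructed sample: 4 KiB of zeros with a minimal superblock for testing."""
    buf = bytearray(4096)
    struct.pack_into("<H", buf, SB_OFFSET + 0x38, magic)
    struct.pack_into("<II", buf, SB_OFFSET + 0x5C, compat, incompat)
    return bytes(buf)
```

A real deployment would run this probe on the raw partition (after kpartx) rather than the whole disk image, and treat a None result as "do not mount" rather than falling back to autodetection.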