openstack team mailing list archive

Thread
Date

Re: File injection support

To: Pádraig Brady <P@xxxxxxxxxxxxxx>
From: Scott Moser <smoser@xxxxxxxxxx>
Date: Tue, 12 Jun 2012 10:46:52 -0400 (EDT)
Cc: "igor.laskovy@xxxxxxxxx" <igor.laskovy@xxxxxxxxx>, openstack <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <4FD74BC2.6020904@draigBrady.com>
Sender: Scott Moser <ssmoser2@xxxxxxxxx>
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)

On Tue, 12 Jun 2012, Pádraig Brady wrote:

> 4. Also for a loop device that is connected,
> I get a "failed" warning, but the EXIT_SUCCESS
> is appropriate in that case as the mapped device
> is present and usable
>   # kpartx -a /dev/loop0
>  /dev/mapper/loop0p1: mknod for loop0p1 failed: File exists
>
> That last item is related to the new code for auto parsing partitions.
>
> That's only available since kernel 3.2 I think so we'll have to
> be wary on relying on it.

Its worth noting that mounting untrusted filesystems from the host
is not really safe. See "Security of mounting filesystems" at
http://libguestfs.org/guestfs.3.html .

The libguestfs path for this is safer.  So really we should be looking to
fix this issue by stronger recommendation or requirement on libguestfs.
Or some other non-kernel level filesystem modification.

References

File injection support
From: Nicolae Paladi, 2012-05-29
Re: File injection support
From: Pádraig Brady, 2012-05-29
Re: File injection support
From: Fredric Morenius, 2012-05-30
Re: File injection support
From: Pádraig Brady, 2012-05-30
Re: File injection support
From: Fredric Morenius, 2012-06-08
Re: File injection support
From: Pádraig Brady, 2012-06-08
Re: File injection support
From: Scott Moser, 2012-06-08
Re: File injection support
From: Pádraig Brady, 2012-06-08
Re: File injection support
From: Vishvananda Ishaya, 2012-06-10
Re: File injection support
From: Fredric Morenius, 2012-06-11
Re: File injection support
From: Scott Moser, 2012-06-11
Re: File injection support
From: Pádraig Brady, 2012-06-12