yahoo-eng-team team mailing list archive
Message #14033
[Bug 1314741] [NEW] Instance Lock should protect Snapshot
Public bug reported:
The use of instance lock should be to prevent unwanted modification of
the underlying VM. In the case of Trove, we are using it to help lock
down instances to ensure integrity and protect secrets which are needed
by the resident Trove Agent. Even though we lock a machine, the end-
user can still take a snapshot of the instance to create an image, then
restore the image in an unrestricted manner. Once they have access to
this restored image, it can open up the Trove Control Plane for compromise.
Simply adding a check_instance_lock around live_instance_snapshot and
snapshot would be sufficient.
** Affects: nova
Importance: Undecided
Status: New
** Summary changed:
- Instance Lock still allows Snapshot/Restore
+ Instance Lock should protect Snapshot/Restore
** Summary changed:
- Instance Lock should protect Snapshot/Restore
+ Instance Lock should protect Snapshot
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1314741
Title:
Instance Lock should protect Snapshot
Status in OpenStack Compute (Nova):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1314741/+subscriptions
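A minimal model of the gap the report describes, as an added example (not Nova's code and not part of the original message): a lock decorator guards one action but not snapshot, and a small audit lists which actions a non-admin can still run against a locked instance before and after the proposed fix. Only the names check_instance_lock and snapshot come from the report; the classes, the dict-based context and instance, the admin bypass and audit_lock_coverage are assumptions made for illustration.

```python
import functools

class InstanceIsLocked(Exception):
    """Raised when a guarded action is attempted on a locked instance."""

def check_instance_lock(func):
    """Reject the call when the instance is locked (admin bypass is assumed)."""
    @functools.wraps(func)
    def wrapper(self, context, instance, *args, **kwargs):
        if instance["locked"] and not context["is_admin"]:
            raise InstanceIsLocked(instance["uuid"])
        return func(self, context, instance, *args, **kwargs)
    return wrapper

class UnguardedAPI:
    """Reported behaviour: reboot honours the lock, snapshot does not."""
    @check_instance_lock
    def reboot(self, context, instance):
        return "rebooted"

    def snapshot(self, context, instance, name):
        return {"image": name, "source": instance["uuid"]}

class GuardedAPI(UnguardedAPI):
    """Proposed fix: snapshot goes through the same lock check."""
    @check_instance_lock
    def snapshot(self, context, instance, name):
        return super().snapshot(context, instance, name)

# Constructed sample data: hypothetical action list and a locked instance.
ACTIONS = {"reboot": (), "snapshot": ("backup",)}
LOCKED = {"uuid": "constructed-uuid-0001", "locked": True}

def audit_lock_coverage(api_cls, actions=ACTIONS):
    """Return the actions a non-admin can still perform on a locked instance."""
    user = {"is_admin": False}
    allowed = []
    for action, args in actions.items():
        try:
            getattr(api_cls(), action)(user, LOCKED, *args)
            allowed.append(action)
        except InstanceIsLocked:
            pass
    return allowed

if __name__ == "__main__":
    print("unguarded:", audit_lock_coverage(UnguardedAPI))
    print("guarded:  ", audit_lock_coverage(GuardedAPI))
```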