yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2081290] [NEW] nova still check the image data-file even disable_deep_image_inspection is set True

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Wenping Song <2081290@xxxxxxxxxxxxxxxxxx>
Date: Fri, 20 Sep 2024 09:50:56 -0000
Reply-to: Bug 2081290 <2081290@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Base on the security leak bug 2059809, when i set
'disable_deep_image_inspection = True' to skip the image data-file check
in nova-compute.conf file [workarounds] group, create vm fails with the
exception: 'nova.exception.BuildAbortException: Build of instance
30c2ae32-bc04-4253-9b54-b4f55c4997f0 aborted: Image
a711872c-b8b9-417f-a7a4-3f6723194f33 is unacceptable: fmt=qcow2 has
data-file: /etc/passwd', seems the data-file in images still be checked.

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2081290

Title:
  nova still check the image data-file even
  disable_deep_image_inspection is set True

Status in OpenStack Compute (nova):
  New

Bug description:
  Base on the security leak bug 2059809, when i set
  'disable_deep_image_inspection = True' to skip the image data-file
  check in nova-compute.conf file [workarounds] group, create vm fails
  with the exception: 'nova.exception.BuildAbortException: Build of
  instance 30c2ae32-bc04-4253-9b54-b4f55c4997f0 aborted: Image
  a711872c-b8b9-417f-a7a4-3f6723194f33 is unacceptable: fmt=qcow2 has
  data-file: /etc/passwd', seems the data-file in images still be
  checked.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2081290/+subscriptions