Bug#657319: marked as done (opennebula: Insecure permissions on deployed image disks)

[Debian Bug Tracking System]

Your message dated Tue, 05 Jun 2012 00:19:21 +0200
with message-id <4fcd3469.7020...@drazzib.com>
and subject line Re: [Pkg-opennebula-devel] Bug#657319: issue in upstream
has caused the Debian Bug report #657319,
regarding opennebula: Insecure permissions on deployed image disks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
657319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657319
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: opennebula
Version: 2.2.1-1
Severity: normal

AFAICT, on opennebula nodes where VMs are deployed, the image files for the VM 
disks (at least with a basic KVM VM I've tested) are R/W accessible by all 
users :

$ ls -l /var/lib/one/4/images/disk.0
-rw-rw-rw- 1 root root 1073741824 25 janv. 16:29 /var/lib/one/4/images/disk.0

I think this should be restricted to users like oneadmin.

Hope this helps.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.1.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages opennebula depends on:
ii  libc6                             2.13-24
ii  libgcc1                           1:4.6.2-11
ii  libmysqlclient16                  5.1.58-1
ii  libpassword-ruby                  0.5.3-3
ii  libsequel-ruby                    3.31.0-1
ii  libsqlite3-0                      3.7.9-2
ii  libssl1.0.0                       1.0.0g-1
ii  libstdc++6                        4.6.2-11
ii  libxml2                           2.7.8.dfsg-5.1
ii  libxmlrpc-c++4                    1.16.33-3.1
ii  libxmlrpc-core-c3                 1.16.33-3.1
ii  opennebula-common                 2.2.1-1
ii  ruby                              4.8
ii  ruby-password [libpassword-ruby]  0.5.3-3
ii  ruby-sequel [libsequel-ruby]      3.31.0-1
ii  ruby1.8 [ruby]                    1.8.7.352-2
ii  rubygems                          1.8.10-1

Versions of packages opennebula recommends:
ii  libmysql-ruby                   2.8.2+gem2deb-1
ii  libsqlite3-ruby                 1.3.5-1
ii  ruby-mysql [libmysql-ruby]      2.8.2+gem2deb-1
ii  ruby-sqlite3 [libsqlite3-ruby]  1.3.5-1

Versions of packages opennebula suggests:
pn  libamazonec2-ruby  <none>
pn  mysql-server       <none>

-- debconf-show failed

--- End Message ---

--- Begin Message ---

Version: 3.4.1-2

On 16/02/2012 20:03, Jaime Melis wrote:
> This is true, there's an open issue in upstream to solve this problem:
> http://dev.opennebula.org/issues/1034

It seems to be fixed with 3.4.1 :

sudo ls -la /var/lib/one/datastores/1/99e661d38a121715855cb48550764deb


-rw-r----- 1 oneadmin root 41943040 mai   27 01:12
/var/lib/one/datastores/1/99e661d38a121715855cb48550764deb

Thanks.
-- 
Damien

--- End Message ---