I like the idea of making this a flagfile option.

On Mon, Jul 2, 2012 at 2:48 AM, Daniel P. Berrange <berra...@redhat.com> wrote:
> On Sat, Jun 30, 2012 at 09:25:10PM -0400, Lars Kellogg-Stedman wrote:
> > > So, maybe setting any of these environment variables for nova-compute
> > > to desired value should help.
> >
> > Yeah, I was expecting that.
> >
> > Given that this could easily take out a compute host I'd like to see
> > it get an explicit configuration value (or default to instance_dir, I
> > guess).
>
> In Fedora 18, /tmp is going to be a RAM filesystem, so we absolutely
> must not create any sizeable files on /tmp.
>
> In addition from a security POV, we must aim to *never* use /tmp for
> anything at all
>
> http://danwalsh.livejournal.com/11467.html
>
> It would be good to do a thorough audit of the code to make sure
> nothing is using the tmpfile functions without explicitly specifying
> a directory path that is private to the OpenStack daemon in question.
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/:|
> |: http://libvirt.org -o- http://virt-manager.org:|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/:|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc:|
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
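The audit requested in the quoted message can be partly automated. The following is an added example, not code from this thread or from nova: it walks a Python module's AST and reports `tempfile` calls that have no explicit `dir=` keyword. It assumes `dir` is always passed by keyword (a positional `dir` is reported as well and needs manual review), and `FLAGS.tmp_dir` in the sample is a hypothetical flag name.

```python
import ast

# tempfile callables that use $TMPDIR (usually /tmp) when dir is omitted
TEMP_FUNCS = {"mkstemp", "mkdtemp", "mktemp", "TemporaryFile",
              "NamedTemporaryFile", "SpooledTemporaryFile", "TemporaryDirectory"}

def find_shared_tmp_calls(source):
    """Return sorted (line, function) pairs for tempfile calls lacking dir=."""
    tree = ast.parse(source)
    modules, names = set(), {}  # aliases of the module / of its functions
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(a.asname or a.name for a in node.names if a.name == "tempfile")
        elif isinstance(node, ast.ImportFrom) and node.module == "tempfile":
            names.update((a.asname or a.name, a.name) for a in node.names if a.name in TEMP_FUNCS)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name) and f.value.id in modules:
            func = f.attr
        elif isinstance(f, ast.Name) and f.id in names:
            func = names[f.id]
        else:
            continue
        kw = {k.arg: k.value for k in node.keywords}
        if func not in TEMP_FUNCS or None in kw:  # None key = **kwargs, unknowable
            continue
        d = kw.get("dir")
        # a missing dir= and a literal dir=None both select the shared temp dir
        if d is None or (isinstance(d, ast.Constant) and d.value is None):
            findings.append((node.lineno, func))
    return sorted(findings)

# Constructed sample input, not nova code; FLAGS.tmp_dir is a hypothetical flag
SAMPLE = '''\
import tempfile
from tempfile import NamedTemporaryFile as NTF
fd, path = tempfile.mkstemp(suffix=".img")
work = tempfile.mkdtemp(dir=instance_dir)
out = NTF(dir=None)
cfg = tempfile.mkstemp(dir=FLAGS.tmp_dir)
'''

if __name__ == "__main__":
    for line, func in find_shared_tmp_calls(SAMPLE):
        print("line %d: tempfile.%s() has no private dir=" % (line, func))
```
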