** Changed in: nova
Importance: Medium => Undecided
** Changed in: nova
Status: In Progress => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1314741
Title:
Instance Lock should protect Snapshot
Status in OpenStack Compute (Nova):
Invalid
Bug description:
The use of instance lock should be to prevent unwanted modification of
the underlying VM. In the case of Trove, we are using it to help lock
down instances to ensure integrity and protect secrets which are
needed by the resident Trove Agent. Even though we lock a machine,
the end-user can still take a snapshot of the instance to create an
image, then restore the image in an unrestricted manner. Once they
have access to this restored image, it can up the Trove Control Plane
for compromise. Simply adding a check_instance_lock around
live_instance_snapshot and snapshot would be sufficient.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1314741/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
