** Changed in: nova Importance: Medium => Undecided ** Changed in: nova Status: In Progress => Invalid
-- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1314741 Title: Instance Lock should protect Snapshot Status in OpenStack Compute (Nova): Invalid Bug description: The use of instance lock should be to prevent unwanted modification of the underlying VM. In the case of Trove, we are using it to help lock down instances to ensure integrity and protect secrets which are needed by the resident Trove Agent. Even though we lock a machine, the end-user can still take a snapshot of the instance to create an image, then restore the image in an unrestricted manner. Once they have access to this restored image, it can up the Trove Control Plane for compromise. Simply adding a check_instance_lock around live_instance_snapshot and snapshot would be sufficient. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1314741/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp