Closed as "Opinion" in comment #5 and wrongly re-opened by follow-up updates of this bug report.
** Changed in: nova
       Status: Confirmed => Opinion

https://bugs.launchpad.net/bugs/1218994

Title:
  file based disk images do not get scrubbed on delete

Status in OpenStack Compute (nova):
  Opinion

Bug description:
  Right now, LVM backed instances can be scrubbed (overwritten with zeros using dd) upon deletion. However, there is no such option with file backed images. While it is true that fallocate can handle some of this by returning 0s to the instance when reading any unwritten parts of the file, there are some cases where it is not desirable to enable fallocate.

  What would be preferred would be something similar to the options cinder has implemented, so the operator can choose to shred or zero out the file, based on their organization's own internal data policies. A zero out option satisfies those that must ensure they scrub tenant data upon deletion, and shred would satisfy those beholden to DoD 5220-22.

  This would of course make file backed disks vulnerable to https://bugs.launchpad.net/nova/+bug/889299 but that might not be a bad thing considering it's quite old.

  Attached an initial patch for nova/virt/libvirt/driver.py that performs the same LVM zero scrub routine to disk backed files, however it lacks any flags to enable or disable it right now.
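
An added example, not the attached patch and not nova's code: a sketch of the operator-selectable scrub the report asks for, applied to a file-backed image before it is unlinked. The function names and the `none`/`zero`/`shred` method values are assumptions chosen for illustration.

```python
import os

CHUNK = 1024 * 1024  # bytes per write; arbitrary choice for this example
METHODS = ("none", "zero", "shred")  # hypothetical option values


def _overwrite(fd, size, make_block):
    """Overwrite the first `size` bytes of fd in place, then flush to disk."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        written = os.write(fd, make_block(min(CHUNK, remaining)))
        remaining -= written
    os.fsync(fd)


def scrub_file(path, method="zero", passes=3):
    """Overwrite a file-backed disk image in place; return bytes covered."""
    if method not in METHODS:
        raise ValueError("unknown scrub method: %r" % (method,))
    if method == "none":
        return 0
    # No O_TRUNC: truncating would free the blocks without overwriting them.
    fd = os.open(path, os.O_WRONLY)
    try:
        size = os.fstat(fd).st_size
        if method == "shred":
            for _ in range(passes):
                _overwrite(fd, size, os.urandom)
        # Final zero pass, so 'zero' and 'shred' both leave a zeroed file.
        _overwrite(fd, size, lambda n: b"\0" * n)
    finally:
        os.close(fd)
    return size


def delete_disk_image(path, method="zero"):
    """Scrub according to operator policy, then remove the file."""
    scrubbed = scrub_file(path, method)
    os.unlink(path)
    return scrubbed
```

In-place overwrite does not reach copies held by snapshots, copy-on-write filesystems or flash wear levelling, and zero-filling a sparse file allocates its holes first.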