7022657: Copy-on-write cloning of images stopped working

Hardened glance policy.json added the following entries to prevent attacks when “show_multiple_locations” option is being used:

“delete_image_location”: “role:admin”,

“get_image_location”: “role:admin”,

“set_image_location”: “role:admin”,

This change prevents access to the location parameter with default configuration, therefore image is not found for copy-on-write procedure. Instead it is copied to the compute node and back to ceph cluster. Therefore node may run out of disk space and crash.


  • No Related Posts

Leave a Reply