| opendevreview | mengxiangzhi proposed openstack/cinder master: Support ZTE driver plugin code https://review.opendev.org/c/openstack/cinder/+/968761 | 01:56 |
|---|---|---|
| *** mhen_ is now known as mhen | 02:22 | |
| opendevreview | mengxiangzhi proposed openstack/cinder master: Support ZTE driver plugin code https://review.opendev.org/c/openstack/cinder/+/968761 | 05:45 |
| opendevreview | mengxiangzhi proposed openstack/cinder master: Support ZTE driver plugin code https://review.opendev.org/c/openstack/cinder/+/968761 | 10:45 |
| opendevreview | mengxiangzhi proposed openstack/cinder master: Support ZTE driver plugin code https://review.opendev.org/c/openstack/cinder/+/968761 | 11:00 |
| opendevreview | mengxiangzhi proposed openstack/cinder master: Support ZTE driver plugin code https://review.opendev.org/c/openstack/cinder/+/968761 | 11:07 |
| opendevreview | mengxiangzhi proposed openstack/cinder master: Support ZTE driver plugin code https://review.opendev.org/c/openstack/cinder/+/968761 | 11:12 |
| opendevreview | Abhishek Gupta proposed openstack/cinder master: Add support for Dell PowerFlex Driver UT coverage https://review.opendev.org/c/openstack/cinder/+/961355 | 15:24 |
| opendevreview | Abhishek Gupta proposed openstack/cinder master: Dell PowerFlex : Add support for Dell PowerFlex 5.1 https://review.opendev.org/c/openstack/cinder/+/950546 | 16:04 |
| mhen | Hi. I have found that I can circumvent any Glance Property Protections [1] by creating a volume from an image and then using `openstack volume set --image-property key=value` on it even if the same property key would have been denied by Glance. | 17:12 |
| mhen | [1] https://docs.openstack.org/glance/latest/admin/property-protections.html | 17:12 |
| mhen | The original blueprint for the Cinder feature to modify those properties did include a section about mimicking the property protection within Cinder [2] but it seems that part was never implemented? | 17:13 |
| mhen | [2] https://specs.openstack.org/openstack/cinder-specs/specs/liberty/support-modify-volume-image-metadata.html#documentation-impact | 17:13 |
| mhen | I cannot find any references in the code or documentation of Cinder that would suggest that any such protection is available, or am I looking in the wrong places? | 17:15 |
| mhen | Is disabling `volume_extension:volume_image_metadata:set` via API policy RBAC the only way to avoid this exploitation by end users? | 17:17 |
| opendevreview | Abhishek Gupta proposed openstack/cinder master: Add support for Dell PowerFlex Driver UT coverage https://review.opendev.org/c/openstack/cinder/+/961355 | 17:44 |
| opendevreview | Konrad Gube proposed openstack/cinder-specs master: Propose support for assisted extending of attached volumes https://review.opendev.org/c/openstack/cinder-specs/+/949509 | 19:00 |
| opendevreview | Konrad Gube proposed openstack/cinder-specs master: Propose support for assisted online volume extend https://review.opendev.org/c/openstack/cinder-specs/+/949509 | 19:12 |
| opendevreview | Konrad Gube proposed openstack/cinder-specs master: Propose support for assisted online volume extend https://review.opendev.org/c/openstack/cinder-specs/+/949509 | 19:15 |
| jbernard | mhen: i think you may be correct | 20:00 |
| jbernard | mhen: i cannot find any references either | 20:00 |
| rosmaita | mhen: isn't it the case that you can add image metadata to a volume, but when you go to upload the volume as an image, the image creation will fail because of property protection violations? | 20:04 |
| rosmaita | so i don't think you can do an exploit, i think what you have is a bad user experience | 20:04 |
| opendevreview | Ivan Anfimov proposed openstack/cinder master: Remove installation guide for openSUSE/SLES https://review.opendev.org/c/openstack/cinder/+/948766 | 20:23 |
| opendevreview | Abhishek Gupta proposed openstack/cinder master: Add support for Dell PowerFlex Driver UT coverage https://review.opendev.org/c/openstack/cinder/+/961355 | 20:31 |
| opendevreview | Merged openstack/cinder master: api: Simplify enable/disable APIs (clusters) https://review.opendev.org/c/openstack/cinder/+/965836 | 21:52 |
| opendevreview | Merged openstack/cinder master: tests: Add API sample tests for os-services API https://review.opendev.org/c/openstack/cinder/+/965837 | 21:52 |
| jbernard | agalica_: heya, i couldn't quickly find your lp username, take a look at https://bugs.launchpad.net/cinder/+bug/2133572 if you get a chance | 21:55 |
| opendevreview | Merged openstack/cinder master: NetApp: Fix terminate_connection on unmapped vol https://review.opendev.org/c/openstack/cinder/+/731167 | 22:37 |
| *** agalica_ is now known as agalica | 22:43 | |
| agalica | jberhard: will do | 22:48 |
| opendevreview | Anthony Galica proposed openstack/cinder master: Hitachi: Add Adaptive QoS setting based on volume size. https://review.opendev.org/c/openstack/cinder/+/967141 | 23:40 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!