On Wed, Jun 26, 2013 at 07:23:44PM +0000, Collins, Robert (HPCS) wrote:
> Hi, I'm the project lead for TripleO (OpenStack on OpenStack - a
> disk image based approach to deploying and maintaining OpenStack
> clouds), and we have a tool 'diskimage-builder' which consumes
> upstream vendor cloud images and customises them.

Why don't you use libguestfs for this?

I see you have a list of "safe" disk images, but still .. using losetup and mount to mount disk images that you download from the net on your host kernel is very dangerous. A rogue filesystem which exploits a fsdriver bug bypasses all permissions checks, process boundaries, SELinux, and the usual things that we use to keep VMs safe.

Plus libguestfs has a much cleaner API for modifying disk images, has a Python API[1] and it's already being used elsewhere in OpenStack.

Rich.

[1] http://libguestfs.org/guestfs-python.3.html

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
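
The approach recommended in the message above, as an added example that is not part of the original e-mail or of diskimage-builder: the image is opened through the libguestfs Python bindings, so the guest filesystem is parsed inside the libguestfs appliance instead of by the host kernel's filesystem drivers. The names `customise_image` and `handle_factory` are hypothetical, and the image path and file content are constructed sample values.

```python
"""Customise a downloaded cloud image through libguestfs, not host losetup/mount."""


def customise_image(image_path, image_format, files, handle_factory=None):
    """Write `files` ({guest path: content}) into the image.

    Returns the mountpoints in the order they were mounted.
    handle_factory is a hypothetical hook (an assumption of this example)
    that lets a stub handle be injected instead of a real libguestfs one.
    """
    if handle_factory is None:
        import guestfs  # Python bindings shipped with libguestfs

        def handle_factory():
            return guestfs.GuestFS(python_return_dict=True)

    g = handle_factory()
    try:
        # State the format explicitly so it is never probed from the
        # untrusted image content itself.
        g.add_drive_opts(image_path, format=image_format, readonly=False)
        g.launch()  # boots the appliance that will parse the filesystem
        roots = g.inspect_os()
        if len(roots) != 1:
            raise ValueError("expected exactly one OS, found %d" % len(roots))
        # Mount the shortest mountpoint first so "/" precedes "/boot" etc.
        mountpoints = g.inspect_get_mountpoints(roots[0])
        ordered = sorted(mountpoints.items(), key=lambda kv: len(kv[0]))
        for mountpoint, device in ordered:
            g.mount(device, mountpoint)
        for guest_path, content in files.items():
            g.write(guest_path, content)
        g.shutdown()  # flushes writes; raises if the appliance failed
        return [mountpoint for mountpoint, _ in ordered]
    finally:
        g.close()


if __name__ == "__main__":
    # Constructed sample image path and file content.
    print(customise_image("fedora-cloud.qcow2", "qcow2",
                          {"/etc/motd": b"customised via libguestfs\n"}))
```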