OpenStack Image Management (Glance)
Dan Smith 9a98c4a7d1 Enforce image safety during image_conversion
This does two things:

1. It makes us check that the QCOW backing_file is unset on those
types of images. Nova and Cinder do this already to prevent an
arbitrary (and trivial to accomplish) host file exposure exploit.
2. It makes us restrict VMDK files to only allowed subtypes. These
files can name arbitrary files on disk as extents, providing the
same sort of attack. Default that list to just the types we believe
are actually useful for OpenStack, and which are monolithic.

The configuration option to specify allowed subtypes is added in
glance's config and not in the import options so that we can extend
this check later to image ingest. The format_inspector can tell us
what the type and subtype are, and we could reject those images early
and even in the case where image_conversion is not enabled.

Closes-Bug: #1996188
Change-Id: Idf561f6306cebf756c787d8eefdc452ce44bd5e0
(cherry picked from commit 0d6282a016)
(cherry picked from commit 4967ab6935)
(cherry picked from commit dc8e5a5cc7)
(cherry picked from commit f45b5f024e)
2022-12-19 15:37:09 +00:00
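
The two checks described in the commit message above, sketched as an added Python example; it is not Glance's code. It assumes the image metadata is the JSON printed by `qemu-img info --output=json`, and the allowlist contents, function names and sample metadata are constructed for illustration.

```python
import json

# Assumed allowlist for illustration; the project's real default is not shown on this page.
ALLOWED_VMDK_SUBTYPES = frozenset({"streamOptimized", "monolithicSparse"})


class UnsafeImage(Exception):
    """Raised when image metadata points at files outside the image itself."""


def check_image_safety(info_json, allowed_vmdk=ALLOWED_VMDK_SUBTYPES):
    """Validate metadata in the shape of `qemu-img info --output=json`.

    Returns the detected format if acceptable, raises UnsafeImage otherwise.
    """
    info = json.loads(info_json)
    fmt = info.get("format")
    # Check 1: a backing file makes the converter read another path on the host.
    if "backing-filename" in info:
        raise UnsafeImage("backing file set: %r" % info["backing-filename"])
    if fmt == "vmdk":
        # Check 2, failing closed: a VMDK with no readable create-type is rejected.
        specific = info.get("format-specific") or {}
        subtype = (specific.get("data") or {}).get("create-type")
        if subtype not in allowed_vmdk:
            raise UnsafeImage("VMDK subtype %r not allowed" % subtype)
    return fmt


def is_safe(info_json):
    try:
        check_image_safety(info_json)
        return True
    except UnsafeImage:
        return False


# Constructed sample metadata (not captured from a real deployment).
_VMDK = '{"format": "vmdk", "format-specific": {"type": "vmdk", "data": {"create-type": "%s"}}}'
SAMPLES = {
    "plain qcow2": '{"format": "qcow2", "virtual-size": 1073741824}',
    "qcow2 with backing file": '{"format": "qcow2", "backing-filename": "/placeholder/host/file"}',
    "vmdk streamOptimized": _VMDK % "streamOptimized",
    "vmdk monolithicFlat": _VMDK % "monolithicFlat",
}

if __name__ == "__main__":
    for name, meta in SAMPLES.items():
        print(name, "->", "accept" if is_safe(meta) else "reject")
```
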
api-ref/source Make some metadef operations admin-only 2021-03-15 07:59:05 -07:00
devstack Fail to start if authorization and policy is misconfigured 2021-03-02 14:52:21 +00:00
doc Remove SSL configuration section from docs 2021-08-05 16:02:32 +01:00
etc Refresh Glance example configs for Wallaby milestone 3 2021-03-08 08:59:50 +00:00
glance Enforce image safety during image_conversion 2022-12-19 15:37:09 +00:00
httpd Update http deploy docs to be a bit more explicit 2017-11-02 01:19:19 -04:00
playbooks Do not use OSC in infra playbook 2020-09-22 18:07:39 +01:00
rally-jobs Update some url links of rally/README.rst 2018-02-27 00:29:38 -08:00
releasenotes Add 22.0.1 release notes 2021-09-13 15:38:03 +01:00
tools Stream-friendly disk format inspection module 2020-08-05 08:41:55 -07:00
.coveragerc Update .coveragerc after the removal of openstack directory 2016-10-17 17:09:56 +05:30
.gitignore Move policy defaults into code 2020-01-06 12:56:30 -05:00
.gitreview Update .gitreview for stable/wallaby 2021-03-23 17:09:03 +00:00
.mailmap Add a mailmap entry for myself 2014-02-11 12:00:44 +08:00
.stestr.conf Use group_regex to serialize scrubber tests 2018-06-07 09:25:04 -04:00
.zuul.yaml [stable-only] Specify openstacksdk stable branch 2022-01-27 12:03:09 -05:00
bindep.txt Stream-friendly disk format inspection module 2020-08-05 08:41:55 -07:00
CONTRIBUTING.rst Community Goal: Project PTL & Contrib Docs Update 2020-03-11 06:09:47 +00:00
HACKING.rst Add doc8 to pep8 check for glance project 2018-01-19 08:20:56 +00:00
LICENSE Add a LICENSE file. 2012-01-03 10:14:01 -05:00
lower-constraints.txt Bump requirements to prepare for secure RBAC 2021-02-23 17:27:03 +00:00
pylintrc Typo in pylintrc file 2015-03-25 11:21:16 +01:00
README.rst Start README.rst with a better title 2019-11-13 17:03:44 +01:00
requirements.txt Revert "Remove all usage of keystoneclient" 2021-07-08 20:19:56 +01:00
setup.cfg [goal] Deprecate the JSON formatted policy file 2021-01-29 15:31:47 -08:00
setup.py Cleanup old cruft 2020-03-28 08:18:01 +01:00
test-requirements.txt Bump requirements to prepare for secure RBAC 2021-02-23 17:27:03 +00:00
tox.ini Update TOX_CONSTRAINTS_FILE for stable/wallaby 2021-03-23 17:09:07 +00:00

OpenStack Glance

The following tags have been asserted for the Glance project:
"project:official",
"tc:approved-release",
"stable:follows-policy",
"tc:starter-kit:compute",
"vulnerability:managed",
"assert:supports-upgrade",
"assert:follows-standard-deprecation".
Follow the link for an explanation of these tags.

Glance is an OpenStack project that provides services and associated libraries to store, browse, share, distribute and manage bootable disk images, other data closely associated with initializing compute resources, and metadata definitions.

Use the following resources to learn more:

API

To learn how to use Glance's API, consult the documentation available online at:

Developers

For information on how to contribute to Glance, please see the contents of the CONTRIBUTING.rst in this repository.

Any new code must follow the development guidelines detailed in the HACKING.rst file, and pass all unit tests.

Further developer-focused documentation is available at:

Operators

To learn how to deploy and configure OpenStack Glance, consult the documentation available online at:

In the unfortunate event that bugs are discovered, they should be reported to the appropriate bug tracker. You can raise bugs here:

Release notes

To learn more about Glance's new features, optimizations, and changes between versions, consult the release notes online at:

Other Information

During each design summit, we agree on what the whole community wants to focus on for the upcoming release. You can see image service plans:

For more information about the Glance project please see: