Closed OpenNebulaProject closed 5 years ago
Original Redmine Comment Author Name: Carlos MartĂn (Carlos MartĂn) Original Date: 2015-01-14T14:43:31Z
Hi,
The contents cannot be restricted, but you can make RAW a restricted attribute, available only to administrators: http://docs.opennebula.org/4.10/administration/references/oned_conf.html#restricted-attributes-configuration
As a matter of fact, I think we should make it one of the default restricted attributes.
Is this enough for your use case?
Original Redmine Comment Author Name: EOLE Team (EOLE Team) Original Date: 2015-01-14T15:42:37Z
Carlos MartĂn wrote:
The contents cannot be restricted, but you can make RAW a restricted attribute, available only to administrators: http://docs.opennebula.org/4.10/administration/references/oned_conf.html#restricted-attributes-configuration
As a matter of fact, I think we should make it one of the default restricted attributes.
Is this enough for your use case?
Unfortunately not, normal users run templates with RAW section:
I thought about restricting the creation of template with RAW to admin users, but normal users must be able to run them.
Original Redmine Comment Author Name: EOLE Team (EOLE Team) Original Date: 2015-01-14T15:58:01Z
EOLE Team wrote:
Unfortunately not, normal users run templates with RAW section:
- to make âprivative OSâ working
- to access a virtfs under a dedicated directory
I thought about restricting the creation of template with RAW to admin users, but normal users must be able to run them.
My mistake:
If the VM template has been created by admins in the ââoneadminââ group, then users outside the ââoneadminââ group can instantiate these templates.
Requiring @oneadmin@ membership is a bit limiting for us, I do not want to give @oneadmin@ to the user responsible of creating templates :-/
Original Redmine Comment Author Name: Stefan Kooman (Stefan Kooman) Original Date: 2017-01-05T15:04:00Z
VM_RESTRICTED_ATTR = "RAW" is not enabled by default in oned.conf, and not even listed there. I would strongly opt to enable this by default, as it is the biggest security hole in ONE. Every user with "TEMPLATE:CREATE" or "TEMPLATE:MANAGE" permissions will have the posibility to pass hypervisor disks to guest VM's, obtain /etc/shadow, ssh pub / private keys of oneadmin, inflict a Denial of service. When ONE frontend is a VM on same infrastructure the whole cloud infra can be powned ...
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. The OpenNebula Dev Team
This issue has been automatically closed due to lack of activity/feedback. Please reopen if you have further input or need to bump this. The OpenNebula Dev Team
Author Name: EOLE Team (EOLE Team) Original Redmine Issue: 3498, https://dev.opennebula.org/issues/3498 Original Date: 2015-01-14
Hello,
We use a virtfs for our test beds for communications between a jenkins and VMs.
I test with the following RAW:
Then I can mount this virtfs in my VM and access the root of my hypervisor as user @oneadmin@:
So, I can run @rm -rf /mnt/var/lib/one/datastores/@ and destroy my infrastructure.
Is there a way to restrict the content of RAW?