summaryrefslogtreecommitdiff
path: root/nova/conf/compute.py
diff options
context:
space:
mode:
authorDan Smith <dansmith@redhat.com>2022-11-10 09:55:48 -0800
committerBalazs Gibizer <gibizer@gmail.com>2023-01-25 17:07:17 +0000
commit3fe8880d3759cbd7b19d75dcf235dfd5c511be13 (patch)
treedb7205997d071d3e7a2914cc9f8e5df940f256b7 /nova/conf/compute.py
parent1bf98f128710c374a0141720a7ccc21f5d1afae0 (diff)
downloadnova-3fe8880d3759cbd7b19d75dcf235dfd5c511be13.tar.gz
[stable-only][cve] Check VMDK create-type against an allowed liststable/ussuri
NOTE(sbauza): Stable policy allows us to proactively merge a backport without waiting for the parent patch to be merged (exception to rule #4 in [1]. Marking [stable-only] in order to silence nova-tox-validate-backport [1] https://docs.openstack.org/project-team-guide/stable-branches.html#appropriate-fixes Conflicts vs victoria in: nova/conf/compute.py Related-Bug: #1996188 Change-Id: I5a399f1d3d702bfb76c067893e9c924904c8c360
Diffstat (limited to 'nova/conf/compute.py')
-rw-r--r--nova/conf/compute.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/nova/conf/compute.py b/nova/conf/compute.py
index 8faddc721c..c012e2d081 100644
--- a/nova/conf/compute.py
+++ b/nova/conf/compute.py
@@ -960,6 +960,15 @@ Possible values:
``nova-compute`` service to fail to start, as 0 disk devices is an invalid
configuration that would prevent instances from being able to boot.
"""),
+ cfg.ListOpt('vmdk_allowed_types',
+ default=['streamOptimized', 'monolithicSparse'],
+ help="""
+A list of strings describing allowed VMDK "create-type" subformats
+that will be allowed. This is recommended to only include
+single-file-with-sparse-header variants to avoid potential host file
+exposure due to processing named extents. If this list is empty, then no
+form of VMDK image will be allowed.
+"""),
]
interval_opts = [