[Bug 1656847] Re: neutron security group rules not applied to nova-lxd containers

Tyler Hicks tyhicks at canonical.com
Thu Feb 9 05:11:39 UTC 2017


CVE-2017-5936 was assigned: http://openwall.com/lists/oss-security/2017/02/09/3

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5936

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to nova-lxd in Ubuntu.
https://bugs.launchpad.net/bugs/1656847

Title:
  neutron security group rules not applied to nova-lxd containers

Status in nova-lxd:
  In Progress
Status in nova-lxd package in Ubuntu:
  Fix Released
Status in nova-lxd source package in Xenial:
  Confirmed
Status in nova-lxd source package in Yakkety:
  Fix Released
Status in nova-lxd source package in Zesty:
  Fix Released

Bug description:
  I noted this when testing the changes for lxd:isolated in Ubuntu
  Xenial; neutron sets up iptables rules against tap devices (as used in
  the libvirt driver); however nova-lxd does not use tap devices - LXD
  plumbs the instance into the neutron bridge using a veth pair.

  I think the net result of this is that security rules are just not
  getting applied in LXD instances.
