Posts tagged: OpenStack

Improving Nova privilege escalation model, part 1

In this series, I'll discuss how to strengthen the privilege escalation model for OpenStack Compute (Nova). Due to the way networking, virtualization and volume management work, some Nova nodes need to be able to run some commands as root. To reduce the effects of a potential compromise (attacker being able …

OpenStack Essex-1 milestone

Last week saw the delivery of the first milestone of the Essex development cycle for Keystone, Glance, Horizon and Nova. This early milestone collected about two months of post-Diablo work... but it's not as busy in new features as most would think, since a big part of those last two …

Four areas for strategic contributions in OpenStack

The OpenStack Essex Design Summit just ended, and several people those last three days have asked me to give a bit more substance to what I exactly meant by "Strategic contributions" in my last article. Ensure the long-term health of the project by investing in project-centered resources, right, but what …