[one-users] Is it possible to make an OCCI image capable of being instantiated but not cloned?
Daniel Molina
dmolina at opennebula.org
Tue Mar 26 04:52:19 PDT 2013
Hi Gerry,
On 25 March 2013 10:55, Gerry O'Brien <gerry at scss.tcd.ie> wrote:
> Hi,
>
> Is it possible to make an OCCI image capable of being instantiated but
> not cloned? I'm thinking about the case where an image might contain
> sensitive information, e.g. passwords, etc, that is used on first boot and
> then deleted. However, if the imaged can be cloned before being run then the
> information could be accessed by attaching the cloned image to an already
> running machine.
>
> I understand that cloning is part of the basic image instantiation
> deployment but can it be distinguished and protected from a user image copy?
You can configure that behaviour using the OpenNebula ACLs system
[1,2]. However, it doesn't make sense to me. As long as a user can
create a VM using that image he will be able to copy/mount it without
cloning it.
[1] http://opennebula.org/documentation:rel3.8:manage_acl
[2] http://opennebula.org/documentation:rel3.8:api#oneimage
Cheers
>
> Regards,
> Gerry
>
> --
> Gerry O'Brien
>
> Systems Manager
> School of Computer Science and Statistics
> Trinity College Dublin
> Dublin 2
> IRELAND
>
> 00 353 1 896 1341
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
More information about the Users
mailing list