[one-users] Is it possible to make an OCCI image capable of being instantiated but not cloned?

Daniel Molina dmolina at opennebula.org
Tue Mar 26 04:52:19 PDT 2013


Hi Gerry,

On 25 March 2013 10:55, Gerry O'Brien <gerry at scss.tcd.ie> wrote:
> Hi,
>
>     Is it possible to make an OCCI image capable of being instantiated but
> not cloned? I'm thinking about the case where an image might contain
> sensitive information, e.g. passwords, etc, that is used on first boot and
> then deleted. However, if the imaged can be cloned before being run then the
> information could be accessed by attaching the cloned image to an already
> running machine.
>
>   I understand that cloning is part of the basic image instantiation
> deployment but can it be distinguished and protected from a user image copy?

You can configure that behaviour using the OpenNebula ACLs system
[1,2]. However, it doesn't make sense to me. As long as a user can
create a VM using that image he will be able to copy/mount it without
cloning it.

[1] http://opennebula.org/documentation:rel3.8:manage_acl
[2] http://opennebula.org/documentation:rel3.8:api#oneimage

Cheers

>
>     Regards,
>       Gerry
>
> --
> Gerry O'Brien
>
> Systems Manager
> School of Computer Science and Statistics
> Trinity College Dublin
> Dublin 2
> IRELAND
>
> 00 353 1 896 1341
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula



More information about the Users mailing list