Created
November 27, 2017 19:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The fix for `OSSA-2017-005`_ (CVE-2017-16239) was too far-reaching in that | |
| rebuilds can now fail based on scheduling filters that should not apply | |
| to rebuild. For example, a rebuild of an instance on a disabled compute | |
| host could fail whereas it would not before the fix for CVE-2017-16239. | |
| Similarly, rebuilding an instance on a host that is at capacity for vcpu, | |
| memory or disk could fail since the scheduler filters would treat it as a | |
| new build request even though the rebuild is not claiming *new* resources. | |
| Therefore this release contains a fix for those regressions in scheduling | |
| behavior on rebuild while maintaining the original fix for CVE-2017-16239. | |
| .. note:: The fix relies on a ``RUN_ON_REBUILD`` variable which is checked | |
| for all scheduler filters during a rebuild. The reasoning behind | |
| the value for that variable depends on each filter. If you have | |
| out-of-tree scheduler filters, you will likely need to assess | |
| whether or not they need to override the default value (False) | |
| for the new variable. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment