attach_volume is definitely not affected. It appears that attach_volume_boot has an elevated context so it may be possible to boot off of other peoples volumes. This appears to affect folsom/nova-volumes as well, although it should be verified. A simple fix would be to make sure we don't have an elevated context before doing the volume_api.get and volume_api.get_snapshot code in stable/essex here:
attach_volume is definitely not affected. It appears that attach_volume_boot has an elevated context so it may be possible to boot off of other peoples volumes. This appears to affect folsom/nova-volumes as well, although it should be verified. A simple fix would be to make sure we don't have an elevated context before doing the volume_api.get and volume_ api.get_ snapshot code in stable/essex here:
375 # TODO(yamahata): default name and description api.get_ snapshot( context, api.create( context, bdm['volume_size'], api.wait_ creation( context, vol) block_device_ mapping_ update( api.get( context, bdm['volume_id']) api.check_ attach( context, volume) volume_ boot(context,
376 snapshot = self.volume_
377 bdm['snapshot_id'])
378 vol = self.volume_
379 '', '', snapshot)
380 # TODO(yamahata): creating volume simultaneously
381 # reduces creation time?
382 self.volume_
383 self.db.
384 context, bdm['id'], {'volume_id': vol['id']})
385 bdm['volume_id'] = vol['id']
386
387 if bdm['volume_id'] is not None:
388 volume = self.volume_
389 self.volume_
390 cinfo = self._attach_
391 instance,
392 volume,
393 bdm['device_name'])