Yet another idea for a easy hack for stable... rather than renaming disk images, we could save a little 'disks.info' file in the instance directory listing the expected formats when first booting. On subsequent boots/rescues we can consult that file instead of probing
> I.E. the disk is validly qcow2 format but not backed by an image in base_/
Glance itself validates that users don't have a nasty backing file listed when they upload qcow2 files, so that's safe enough I believe. So the issue is only with raw files being turned into qcow2 files by a malicious guest action
Yet another idea for a easy hack for stable... rather than renaming disk images, we could save a little 'disks.info' file in the instance directory listing the expected formats when first booting. On subsequent boots/rescues we can consult that file instead of probing
> I.E. the disk is validly qcow2 format but not backed by an image in base_/
Glance itself validates that users don't have a nasty backing file listed when they upload qcow2 files, so that's safe enough I believe. So the issue is only with raw files being turned into qcow2 files by a malicious guest action