Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1384855

Summary: [CVE-2015-5162] oslo.concurrency: Backport support for 'prlimit' parameter [OSP-5-RHEL7]
Product: Red Hat OpenStack Reporter: Kashyap Chamarthy <kchamart>
Component: python-oslo-concurrencyAssignee: Victor Stinner <vstinner>
Status: CLOSED CANTFIX QA Contact: Shai Revivo <srevivo>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.0 (RHEL 7)CC: apevec, dcadzow, eharney, kchamart, lhh, srevivo, vstinner
Target Milestone: ---Keywords: FeatureBackport, ZStream
Target Release: 5.0 (RHEL 7)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1383415 Environment:
Last Closed: 2016-10-14 14:06:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1383415    
Bug Blocks: 1382552, 1382570, 1382571, 1383421    

Description Kashyap Chamarthy 2016-10-14 09:33:14 UTC 
+++ This bug was initially created as a clone of Bug #1383415 +++

Security fixes in Nova, Cinder, and Glance require support for prlimit in oslo.concurrency.

The following changes need to be backported:

d65d931 processutils: add support for missing process limits
e33f64f Add prlimit parameter to execute()
Comment 1 Victor Stinner 2016-10-14 14:06:06 UTC 
There is no such oslo.concurrency library in OSP 5: it was part of each service (nova, cinder, glance, etc.) as <project>/openstack/common/processutils.py. The fix should be made directly in each component.
Comment 2 Kashyap Chamarthy 2016-10-14 14:16:10 UTC 
(In reply to Victor Stinner from comment #1)
> There is no such oslo.concurrency library in OSP 5: it was part of each
> service (nova, cinder, glance, etc.) as
> <project>/openstack/common/processutils.py. The fix should be made directly
> in each component.

Yep, you're totally right.  I briefly forgot for a moment yet that it wasn't yet a separate library yet.
Comment 3 Victor Stinner 2016-10-14 15:41:07 UTC 
See https://bugzilla.redhat.com/show_bug.cgi?id=1382549 for the follow-up in Nova.