1384855 – [CVE-2015-5162] oslo.concurrency: Backport support for 'prlimit' parameter [OSP-5-RHEL7]

Bug 1384855 - [CVE-2015-5162] oslo.concurrency: Backport support for 'prlimit' parameter [OSP-5-RHEL7]

Summary: [CVE-2015-5162] oslo.concurrency: Backport support for 'prlimit' parameter [O...

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-oslo-concurrency
Sub Component:
Version:	5.0 (RHEL 7)
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	5.0 (RHEL 7)
Assignee:	Victor Stinner
QA Contact:	Shai Revivo
Docs Contact:
URL:
Whiteboard:
Depends On:	1383415
Blocks:	1382552 1382570 1382571 1383421
TreeView+	depends on / blocked

Reported:	2016-10-14 09:33 UTC by Kashyap Chamarthy
Modified:	2019-02-17 12:31 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1383415
Environment:
Last Closed:	2016-10-14 14:06:06 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	327630	0	None	None	None	2016-10-14 09:33:13 UTC
OpenStack gerrit	332222	0	None	None	None	2016-10-14 09:33:13 UTC

Description Kashyap Chamarthy 2016-10-14 09:33:14 UTC

+++ This bug was initially created as a clone of Bug #1383415 +++

Security fixes in Nova, Cinder, and Glance require support for prlimit in oslo.concurrency.

The following changes need to be backported:

d65d931 processutils: add support for missing process limits
e33f64f Add prlimit parameter to execute()

Comment 1 Victor Stinner 2016-10-14 14:06:06 UTC

There is no such oslo.concurrency library in OSP 5: it was part of each service (nova, cinder, glance, etc.) as <project>/openstack/common/processutils.py. The fix should be made directly in each component.

Comment 2 Kashyap Chamarthy 2016-10-14 14:16:10 UTC

(In reply to Victor Stinner from comment #1)
> There is no such oslo.concurrency library in OSP 5: it was part of each
> service (nova, cinder, glance, etc.) as
> <project>/openstack/common/processutils.py. The fix should be made directly
> in each component.

Yep, you're totally right.  I briefly forgot for a moment yet that it wasn't yet a separate library yet.

Comment 3 Victor Stinner 2016-10-14 15:41:07 UTC

See https://bugzilla.redhat.com/show_bug.cgi?id=1382549 for the follow-up in Nova.

Note You need to log in before you can comment on or make changes to this bug.