[linux-lvm] devices.filter changed behaviour in 80ac8f37d6

Chris Webb chris at arachsys.com
Mon Sep 7 13:08:52 UTC 2015

Just one final thought. A second reason we deliberately exclude those iSCSI  
devices is that they're actually the drives backing customer VMs, so any  
LVM metadata on them should be interpreted by an untrusted guest kernel and  
not by the host. Untrusted third parties have complete control over the  
contents of the block devices.

Is LVM well-secured against attacks from block devices containing malicious  
LVM metadata? If not, an unexpected change in filtering behaviour might  
potentially be a security issue in some environments.



More information about the linux-lvm mailing list