From 0b92347337e9201140ed2daf77a934c731de6630 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 14 Jul 2022 12:40:05 +0200
Subject: [PATCH] sysprep: advise against cloning VMs with internal full disk
 encryption

This is relevant for sysprep because we recommend sysprep for facilitating
cloning.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2106286
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220714104005.8334-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit b49ee909f5d1a0d7b5c668335b9098ca8ff85bfd)
---
 sysprep/virt-sysprep.pod | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod
index deeb5341e..232b9f24b 100644
--- a/sysprep/virt-sysprep.pod
+++ b/sysprep/virt-sysprep.pod
@@ -519,6 +519,13 @@ Either or both options can be used multiple times on the command line.
=head1 SECURITY
+Virtual machines that employ full disk encryption I
+guest> should not be considered for cloning and distribution, as it
+provides multiple parties with the same internal volume key, enabling
+any one such party to decrypt all the other clones. Refer to the L
+FAQ|https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md> for
+details.
+
Although virt-sysprep removes some sensitive information from the
guest, it does not pretend to remove all of it. You should examine
the L</OPERATIONS> above and the guest afterwards.
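
Review bot: The new SECURITY paragraph sends the reader to the whole cryptsetup FAQ ("FAQ|https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md> for details") without saying which item covers cloned volumes, and the target is a file on the main branch whose content can change. Naming the relevant FAQ section in the link text would let readers find it in a long document. Two smaller points in the same paragraph: "as it provides multiple parties with the same internal volume key" has no clear antecedent for "it" (wording such as "because cloning gives every recipient the same internal volume key" reads more directly), and since the text already identifies the shared volume key as the problem, one more sentence stating that changing the passphrase on a clone leaves that volume key unchanged would head off the most likely misreading. It would also help to say whether any of the operations under L</OPERATIONS> touches the encrypted volume at all, so that the following paragraph ("it does not pretend to remove all of it") is not read as covering this case.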
--
2.31.1