[Openstack-security] [openstack/nova] SecurityImpact review request change Ic0780a0d1ccf96c14f1e0ad9c3e9b23e2b0db0ea
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Aug 6 11:30:18 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/188235
Log:
commit 97ed4d2d785ea2dd4f14ee4dda9f7ef475f93a4f
Author: Eli Qiao <liyong.qiao at intel.com>
Date: Thu Jun 4 10:05:33 2015 +0800
Add missing rules in policy.json
'etc/nova/policy.json' is sample file for polcy configration. But
there are a lot of rule missing in it. The user is hard to find
out which rule can be used in nova.
This patch adds the missing rule back to policy.json. Also adds a
test case to veify the contents of policy.
SecurityImpact
UpgradeImpact:
"os_compute_api:servers:create:forced_host" is missing in policy.json.
That means it will be default rule. But actually it should be admin
only API. This patch adds this rule back to policy.json and with
correct rule. Deployer should update their policy.json to match the
original permission also.
Co-Authored-By: Alex Xu <hejie.xu at intel.com>
Closes-Bug: #1435390
Change-Id: Ic0780a0d1ccf96c14f1e0ad9c3e9b23e2b0db0ea
More information about the Openstack-security
mailing list