[Openstack-security] [Bug 1427228] Re: Allow to run neutron-ns-metadata-proxy as nobody

Kyle Mestery 1427228 at bugs.launchpad.net
Mon Mar 30 21:46:35 UTC 2015


** Changed in: neutron
   Importance: Undecided => High

** Changed in: neutron
    Milestone: None => kilo-rc1

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1427228

Title:
  Allow to run neutron-ns-metadata-proxy as nobody

Status in OpenStack Neutron (virtual network service):
  In Progress

Bug description:
  Currently neutron-ns-metadata-proxy runs with neutron user/group
  permissions on l3-agent, but we should allow running it with fewer
  permissions, as the neutron user is allowed to run neutron-rootwrap. We
  should restrict neutron-ns-metadata-proxy permissions as much as
  possible, as it's reachable from VMs.
