[openstack-dev] Changing glance's default policy on setting image public to admin only

Aaron Rosen aaronorosen at gmail.com
Thu May 8 23:53:09 UTC 2014


Hi,

The current default settings that glance ships with allow any tenant to
upload an image and mark it as public for other tenants to use. I'd like to
change the default (https://review.openstack.org/#/c/92739/) so that only
an admin user can make an image public by default. Allowing any tenant to
make an image public by default might allow a malicious tenant to trick
other tenants into using their disk image, which could do harm to
unsuspecting tenants.

Since this is a default setting impact I wanted to ping the mailing list to
see if anyone had any concerns in changing the default. In addition to
this change in glance, the tempest tests will also need to be updated
because currently there are tests that have nonadmin tenants upload
images.

Best,

Aaron
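
An added example, not part of the original message or of Glance's code: a small audit that reads a Glance policy.json and reports whether a non-admin tenant could mark an image public. It assumes the policy target is named `publicize_image` (Glance's key for this action, which the message does not name) and handles only the simple rule syntax; the sample policies are constructed.

```python
import json

# Constructed sample policies (not taken from any deployment).
PERMISSIVE = '{"default": "", "publicize_image": ""}'
ADMIN_ONLY = ('{"context_is_admin": "role:admin", "default": "", '
              '"publicize_image": "rule:context_is_admin"}')
MISSING = '{"default": ""}'  # no explicit rule: falls back to "default"


def open_to_any_tenant(expr, rules, seen=()):
    """True if the rule can pass with no role or ownership check at all.

    Supports "", "@", "!", "rule:<name>", unparenthesized "or"/"and", and the
    legacy list syntax. Anything else (role:, project_id:, parentheses, "not")
    is treated as restrictive, so review such rules by hand.
    """
    if isinstance(expr, list):
        # Legacy syntax: outer list is OR, inner list is AND, [] allows all.
        if not expr:
            return True
        return any(
            all(open_to_any_tenant(c, rules, seen)
                for c in (alt if isinstance(alt, list) else [alt]))
            for alt in expr)
    expr = expr.strip()
    if expr in ("", "@"):
        return True
    if " or " in expr:  # "or" binds looser than "and"
        return any(open_to_any_tenant(p, rules, seen)
                   for p in expr.split(" or "))
    if " and " in expr:
        return all(open_to_any_tenant(p, rules, seen)
                   for p in expr.split(" and "))
    if expr.startswith("rule:"):
        name = expr[len("rule:"):]
        if name in seen:  # guard against self-referencing aliases
            return False
        target = rules.get(name, rules.get("default", "!"))
        return open_to_any_tenant(target, rules, seen + (name,))
    return False


def public_images_open(policy_text, target="publicize_image"):
    """Return True when any tenant may make an image public."""
    rules = json.loads(policy_text)
    return open_to_any_tenant(rules.get(target, rules.get("default", "!")), rules)


if __name__ == "__main__":
    for label, text in [("permissive", PERMISSIVE), ("admin-only", ADMIN_ONLY),
                        ("missing", MISSING)]:
        print(label, "-> open to any tenant:", public_images_open(text))
```
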