[Openstack-security] [openstack/nova] SecurityImpact review request change Ic0780a0d1ccf96c14f1e0ad9c3e9b23e2b0db0ea
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Aug 13 08:07:28 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/188235
Log:
commit 9c917816048482e3a42aa06e2aa4933a1a6f7f8c
Author: Eli Qiao <liyong.qiao at intel.com>
Date: Thu Jun 4 10:05:33 2015 +0800
Add missing rules in policy.json
'etc/nova/policy.json' is sample file for polcy configration. But
there are a lot of rule missing in it. The user is hard to find
out which rule can be used in nova.
This patch adds the missing rule back to policy.json. Also adds a
test case to veify the contents of policy.
SecurityImpact
UpgradeImpact:
"os_compute_api:servers:create:forced_host" is missing in policy.json.
That means it will be default rule. But actually it should be admin
only API. This patch adds this rule back to policy.json and with
correct rule. Deployer should update their policy.json to match the
original permission also.
Co-Authored-By: Alex Xu <hejie.xu at intel.com>
Closes-Bug: #1435390
Change-Id: Ic0780a0d1ccf96c14f1e0ad9c3e9b23e2b0db0ea
More information about the Openstack-security
mailing list