[Openstack-security] [openstack/nova] SecurityImpact review request change Ic0780a0d1ccf96c14f1e0ad9c3e9b23e2b0db0ea
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Mon Jul 6 03:00:32 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/188235
Log:
commit cd2efa37282fd623312b08441f7eb1a576340d6e
Author: Eli Qiao <liyong.qiao at intel.com>
Date: Thu Jun 4 10:05:33 2015 +0800
Add missing rules in polcy.json
'etc/nova/policy.json' is sample file for polcy configration. But
there are a lot of rule missing in it. The user is hard to find
out which rule can be used in nova.
This patch adds the missing rule back to policy.json. Also adds a
test case to veify the contents of policy.
SecurityImpact
UpgradeImpact:
"os_compute_api:servers:create:forced_host" is missing in policy.json.
That means it will be default rule. But actually it should be admin
only API. After deployer should update their policy.json to match the
original permission.
Co-Authored-By: Alex Xu <hejie.xu at intel.com>
Closes-Bug: #1435390
Change-Id: Ic0780a0d1ccf96c14f1e0ad9c3e9b23e2b0db0ea
More information about the Openstack-security
mailing list