[Openstack-security] [Bug 1427228] [NEW] Allow to run neutron-ns-metadata-proxy as nobody
Cedric Brandily
1427228 at bugs.launchpad.net
Mon Mar 2 13:55:36 UTC 2015
Public bug reported:
Currently neutron-ns-metadata-proxy runs with neutron user/group
permissions on l3-agent but we should allow to run it with less
permissions as neutron user is allowed to run neutron-rootwrap. We
should restrict as much as possible neutron-ns-metadata-proxy
permissions as it's reachable from VMs.
** Affects: neutron
Importance: Undecided
Assignee: Cedric Brandily (cbrandily)
Status: New
** Tags: l3-ipam-dhcp security
** Changed in: neutron
Assignee: (unassigned) => Cedric Brandily (cbrandily)
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1427228
Title:
Allow to run neutron-ns-metadata-proxy as nobody
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Currently neutron-ns-metadata-proxy runs with neutron user/group
permissions on l3-agent but we should allow to run it with less
permissions as neutron user is allowed to run neutron-rootwrap. We
should restrict as much as possible neutron-ns-metadata-proxy
permissions as it's reachable from VMs.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1427228/+subscriptions
More information about the Openstack-security
mailing list