OpenStack Compute (nova)

  1. Bug #1290537
  2. Comment #24

Comment 24 for bug 1290537

Revision history for this message
Marc Heckmann (marc-w-heckmann) wrote : Re: RBAC policy not enforced when adding a security group rule using EC2 API (CVE-2014-0167)

I was hesitant to say anything about the patch, but Christopher is right, keeping the previously hidden "compute:security_groups" policy doesn't make sense if people are already using "compute_extension:security_groups". We should just have one way to do this.

And yeah, as an operator, having more fine grained policy is a plus, but this could be done in a future release.