Forbidden 403 error while get public image from multitenant swift storage where object is chunked (larger than 5GB)
Bug #1170156 reported by
Malyshev Alex
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
High
|
Flavio Percoco | ||
Grizzly |
Fix Released
|
High
|
Flavio Percoco |
Bug Description
How to reproduce:
1. Use multitenant swift store for glance.
2. Create a public image larger than 5GB.
3. Launch instance with this image from another tenant.
How to fix:
For chunked object not enough just ".r:*" acl permission for public image, we must also set ".rlistings" permission on container.
Simple, in glance/
if public:
(may be, something this we must add for read_tenants acls)
Changed in glance: | |
importance: | Undecided → High |
Changed in glance: | |
assignee: | nobody → Flavio Percoco Premoli (flaper87) |
milestone: | none → havana-1 |
Changed in glance: | |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | havana-1 → 2013.2 |
To post a comment you must log in.
Hey Malyshev,
I was wondering if the container contained other images apart from that public image, would .rlisting allow the user to be able to list those other images as well?