Race means clients may or may not have RBAC enforced on southbound db connections
Bug #1917486 reported by
Liam Young
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| charm-ovn-central |
New
|
Undecided
|
Unassigned | ||
Bug Description
This is a little speculative but while investigating a bug with OVN rbac it seems that there is race which allows a client to connect to the southbound db before RBAC is enabled. It seems enabling rbac does not affect existing connections so if a connection is made from an ovn-controller to the southbound db before RBAC is enabled it can enjoy RBAC free access until the southbound db is restarted.
To post a comment you must log in.
