Comment 19 for bug 1354512

Submitter: Jenkins
Branch: master

commit 69f801c3497c768a10fa33aac42951f1e29c977b
Author: Stuart McLaren <email address hidden>
Date: Wed Oct 22 12:06:53 2014 +0000

    Fix public image ACL in multi-tenant Swift mode

    Currently the ACL to public Swift images is '.r:*'. This means that
    anonymous users who have not authenticated may be able to access the
    data of a public Swift image when multi-tenant mode is enabled.

    Change to use the cross-tenant '*:*' ACL which requires an authenticated
    user for access.

    Note: This does not address authenticated users being able to download
    public image data directly from Swift (potentially bypassing Glance's
    'download_image' policy).

    Change-Id: I1fa3297908ca4be517419e9460f056a09aa98ef0
    Addresses: OSSN 0025 (
    Closes-bug: #1354512