commit 69f801c3497c768a10fa33aac42951f1e29c977b
Author: Stuart McLaren <email address hidden>
Date: Wed Oct 22 12:06:53 2014 +0000
Fix public image ACL in multi-tenant Swift mode
Currently the ACL to public Swift images is '.r:*'. This means that
anonymous users who have not authenticated may be able to access the
data of a public Swift image when multi-tenant mode is enabled.
Change to use the cross-tenant '*:*' ACL which requires an authenticated
user for access.
Note: This does not address authenticated users being able to download
public image data directly from Swift (potentially bypassing Glance's
'download_image' policy).
Reviewed: https:/ /review. openstack. org/130200 /git.openstack. org/cgit/ openstack/ glance_ store/commit/ ?id=69f801c3497 c768a10fa33aac4 2951f1e29c977b
Committed: https:/
Submitter: Jenkins
Branch: master
commit 69f801c3497c768 a10fa33aac42951 f1e29c977b
Author: Stuart McLaren <email address hidden>
Date: Wed Oct 22 12:06:53 2014 +0000
Fix public image ACL in multi-tenant Swift mode
Currently the ACL to public Swift images is '.r:*'. This means that
anonymous users who have not authenticated may be able to access the
data of a public Swift image when multi-tenant mode is enabled.
Change to use the cross-tenant '*:*' ACL which requires an authenticated
user for access.
Note: This does not address authenticated users being able to download image' policy).
public image data directly from Swift (potentially bypassing Glance's
'download_
Change-Id: I1fa3297908ca4b e517419e9460f05 6a09aa98ef0 /review. openstack. org/#/c/ 117928/)
Addresses: OSSN 0025 (https:/
Closes-bug: #1354512