Comment 19 for bug 1354512

OpenStack Infra (hudson-openstack) wrote : Fix merged to glance_store (master)

Reviewed: https://review.openstack.org/130200
Committed: https://git.openstack.org/cgit/openstack/glance_store/commit/?id=69f801c3497c768a10fa33aac42951f1e29c977b
Submitter: Jenkins
Branch: master

commit 69f801c3497c768a10fa33aac42951f1e29c977b
Author: Stuart McLaren <email address hidden>
Date: Wed Oct 22 12:06:53 2014 +0000

    Fix public image ACL in multi-tenant Swift mode

    Currently the ACL to public Swift images is '.r:*'. This means that
    anonymous users who have not authenticated may be able to access the
    data of a public Swift image when multi-tenant mode is enabled.

    Change to use the cross-tenant '*:*' ACL which requires an authenticated
    user for access.

    Note: This does not address authenticated users being able to download
    public image data directly from Swift (potentially bypassing Glance's
    'download_image' policy).

    Change-Id: I1fa3297908ca4be517419e9460f056a09aa98ef0
    Addresses: OSSN 0025 (https://review.openstack.org/#/c/117928/)
    Closes-bug: #1354512
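
The difference between the two ACLs named in the commit message, as an added example that is not code from glance_store or Swift: a simplified classifier for Swift container read ACL strings that flags containers still readable without a token. The function names are hypothetical, and the container names and ACL values are constructed sample data.

```python
# Added example: a simplified reading of Swift container read ACLs.
# Not Swift's or glance_store's own code.
REFERRER_PREFIXES = (".r:", ".ref:", ".referer:", ".referrer:")


def classify_read_acl(acl):
    """Classify an X-Container-Read value as 'anonymous', 'authenticated' or 'private'."""
    anonymous = authenticated = False
    for element in (part.strip().lower() for part in acl.split(",")):
        if not element or element == ".rlistings":
            # .rlistings only adds listing rights to a referrer grant.
            continue
        if element.startswith(REFERRER_PREFIXES):
            host = element.split(":", 1)[1].strip()
            # A leading '-' denies that referrer; anything else is a grant
            # that needs no token, so unauthenticated clients can read.
            if host and not host.startswith("-"):
                anonymous = True
        else:
            # project:user forms, including the cross-tenant '*:*',
            # are only matched against an authenticated identity.
            authenticated = True
    if anonymous:
        return "anonymous"
    return "authenticated" if authenticated else "private"


def anonymous_containers(read_acls):
    """Return the container names whose read ACL admits unauthenticated requests."""
    return sorted(name for name, acl in read_acls.items()
                  if classify_read_acl(acl) == "anonymous")


# Constructed sample data: container names and ACL values are made up.
SAMPLE_READ_ACLS = {
    "glance_image-a": ".r:*",       # ACL the commit message calls current
    "glance_image-b": "*:*",        # ACL the commit changes to
    "glance_image-c": "tenant1:*",  # shared with a single tenant
    "glance_image-d": "",           # no read ACL set
}

if __name__ == "__main__":
    for name, acl in sorted(SAMPLE_READ_ACLS.items()):
        print(f"{name:16} {acl!r:12} {classify_read_acl(acl)}")
    print("anonymous:", anonymous_containers(SAMPLE_READ_ACLS))
```

Containers created before the fix keep whatever ACL was stored on them, so a check like this is aimed at existing containers rather than new uploads.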