Comment 14 for bug 1546507
Revision history for this message
| Stuart McLaren (stuart-mclaren) wrote Re: Regular user can delete any image file | #14 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
@Mike
Your patch prevents setting arbitrary locations for all users, in all cases, including admins.
Could that be a problem? For example, say an admin has a workflow where they set the location to some pre-existing data.
> v1 always allows setting a single location to multiple image.
My understanding is that you can currently deploy v1 securely (using policies to prevent directly accessing locations), but you may get a performance hit for some operations, eg create image from volume/create volume from image. (But I'm not as familiar with the ceph store as others.)
Would a solution where a regular user can not set a location at all, but an admin or openstack service can set whatever they want be ok?