Comment 6 for bug 1357379

Salvatore Orlando (salvatore-orlando) wrote : Re: policy admin_only rules not enforced when changing value to default

This is a behaviour which has always been in the system.
I am looking at the patch to understand the exact scope.

I have verified that users still won't be allowed to un-share networks or make ext networks internal, which would cause immediate disruption in a cloud - this won't happen because the user will not own the object in the first place.

For instance, this can allow users to restore SNAT on routers where the provider has disabled it (not a big deal - networking should just stop working in that case).
Another example is that a user can un-distribute a distributed router - again no big deal, but this would however make the router not functional.

Even if it's not the end of the world, it's good to keep this bug as public security as deployers might be running customized policy.json files, and therefore might experience unexpected and possibly security-threatening behaviours.