yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1445199] Re: Nova user should not have admin role

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jeremy Stanley <fungi@xxxxxxxxxxx>
Date: Fri, 17 Apr 2015 15:14:37 -0000
Reply-to: Bug 1445199 <1445199@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

In your bug description you indicate this is only a security hardening
measure, but now you've switched the bug type to indicate it's an
exploitable security vulnerability. Also this looks like a duplicate of
bug 1445475 reported against nova.

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1445199

Title:
  Nova user should not have admin role

Status in devstack - openstack dev environments:
  New
Status in OpenStack Compute (Nova):
  New
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  
  Most of the service users are granted the 'service' role on the 'service' project, except the 'nova' user which is given 'admin'. The 'nova' user should also be given only the 'service' role on the 'service' project.

  This is for security hardening.

To manage notifications about this bug go to:
https://bugs.launchpad.net/devstack/+bug/1445199/+subscriptions