[Yahoo-eng-team] [Bug 1774402] [NEW] Glance scrubber SELinux denials

2018-05-31 Thread Ben O'Hara
Public bug reported: Glance scrubber on RHEL7 from RDO with SELinux enabled gets denied connecting to cinder & swift: type=AVC msg=audit(1527765224.059:149655): avc: denied { name_connect } for pid=1283 comm="glance-scrubber" dest=8776 scontext=system_u:system_r:glance_scrubber_t:s0 tcontext=

[Yahoo-eng-team] [Bug 1764200] [NEW] Glance Cinder backed images & multiple regions

2018-04-15 Thread Ben O'Hara
Public bug reported: When using the cinder backed images as per https://docs.openstack.org/cinder/latest/admin/blockstorage-volume-backed-image.html We have multiple locations, glance configured as /etc/glance/glance-api.conf [glance_store] stores = swift, cinder default_store = swift -snip-

[Yahoo-eng-team] [Bug 1790446] [NEW] Glance policy and image owner

2018-09-03 Thread Ben O'Hara
Public bug reported: Trying to restrict glance to only allow editing/deleting a tenant's own images. According to the docs, this should work. "is_owner": "tenant:%(owner)s", "modify_image": "rule:is_owner", "delete_image": "rule:is_owner", However, with this set, no user can then