You've switched this bug report to indicate an exploitable security
vulnerability. Can you describe in greater detail the exploitation
scenario you have in mind? What sort of patch to neutron do you expect
to correct this defect? Does this vulnerability appear in previous
releases of neutron as well, or does it only affect the current master
and stable/kilo branches of neutron?

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1445475

Title:
  neutron service user should not require admin

Status in OpenStack Neutron (virtual network service):
  New
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  
  The typical config has nova using the 'neutron' user in the 'service'
  project to do operations against Neutron. The 'neutron' user should not
  require the 'admin' role on the 'service' project to do all the
  operations it needs to do against Neutron. Neutron's default policy.json
  should allow the 'neutron' user (i.e., users with the 'service' role) to
  do all the operations it needs to do against Neutron, rather than
  requiring 'admin'.

  Nova is allocating networks and creating ports, so these operations
  need to allow the 'service' role to perform these operations, too.
