then, what's the conclusion that we can begin to start?
2013/10/15 Christopher Yeoh <cbky...@gmail.com> > On Tue, Oct 15, 2013 at 10:25 AM, Caitlin Bestler < > caitlin.best...@nexenta.com> wrote: > >> On 10/14/2013 8:37 AM, Ben Nemec wrote: >> >>> I agree that this needs to be fixed. It's very counterintuitive, if >>> nothing else (which is also my argument against requiring all-tenants >>> for admin users in the first place). The only question for me is >>> whether to fix it in novaclient or in Nova itself. >>> >> >> If it is fixed in novaclient, then any unscrupulous tenant would be able >> to unfix it in novaclient themselves and gain the same information about >> other tenants that the bug is allowing. >> >> So if the intent is to protect leakage of information across tenant lines >> then the correct solution is a real lock (i.e. in Nova) rather >> than just a screen door "lock". >> >> > The novaclient fix for V2 would be simply to automatically pass > all-tenants where needed. It would not give a non admin user any extra > privileges even if they modified novaclient. > > Chris > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- *--------------------------------------------* *Lingxian Kong* Huawei Technologies Co.,LTD. IT Product Line CloudOS PDU China, Xi'an Mobile: +86-18602962792 Email: konglingx...@huawei.com; anlin.k...@gmail.com
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
