Moving to wish list as this really isn't that bad and the fix isn't very feasible right now because the port-binding extension requires one to be admin.
** No longer affects: neutron

** Changed in: nova
   Importance: High => Wishlist

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1233335

Title:
  Nova calls into neutron as admin circumventing fixed-ip on shared network

Status in OpenStack Compute (Nova):
  Confirmed

Bug description:
  In Neutron on shared networks the default policy is to not allow tenants to specify their own fixed ips. This is done so that one cannot deliberately try to impersonate another tenant's instance after it has been deleted. The reason this is working is because nova is calling into neutron as admin.

  $ quantum port-create --fixed-ip ip_address=10.2.0.44 shared-net
  {"NeutronError": "Policy doesn't allow create_port to be performed."}
  ^Fails

  $ nova boot --image cirros-0.3.1-x86_64-uec --nic net-id=abce62c9-2d83-42ea-ada2-fd24e14af842,v4-fixed-ip=10.2.0.44 --flavor 1 vm23
  ^Succeeds

  Marking as a security vulnerability though it's probably not really a big deal.

