Since this bug has been switched to Public Security, I've added an
incomplete security advisory task to track whether we'll need to publish
one.
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New => Incomplete
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1986969
Title:
Manually assign --device and --device-owner to a port does NOT binds
the port inmediatly
Status in neutron:
In Progress
Status in OpenStack Security Advisory:
Incomplete
Bug description:
This could be considered as a documentation bug.
When a VM is created (there is a device ID), a user can create a port and
assign the port device_id to the VM ID and the device_owner="compute:nova".
That makes this port visible when executing:
$ openstack port list --server serverID
The port is not bound, of course. But when the VM is rebooted (hard reboot),
the port is assigned and bound to this VM.
There is another related issue from the administrator point of view. A user
can assign (by mistake or coincidence) the device ID of another project VM ID.
This non-admin user can't see the other project VM. But the administrator, when
executing the previous command, will see a VM assigned to a project with a port
from another. This scenario:
* Is difficult to reproduce: the non-admin user must guess the VM ID of
another project without having access.
* Affect only to the admin view, who can access to both projects.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1986969/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
