7391070474
Generally, we have to pass the target object to ``authorize`` when enforcing a policy check, but this has been ignored during our development and review process for a long time, and the potential issue is that anyone can handle the target resource, as ``authorize`` will always succeed if the rule is defined as ``admin_or_owner`` [1]. Luckily, for most of those APIs this security concern is protected by our database access code [2], which allows only project-scoped resources.

However, there is one API that does have a security issue when an administrator changes the rule to "admin_or_owner":

1. "volume reset_status", where cinder will update the resource directly in the database; the procedure to reproduce the bug is described on Launchpad.

This patch intends to correct most of the cases that can be easily figured out, in case of future code changes.

[1]:
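The failure mode the commit message describes, as an added example that is not code from this patch or from Cinder: a simplified model of an `admin_or_owner` check, with one handler that omits the target and one that passes the resource. The class, function and sample names are hypothetical, and the fallback to the caller's own credentials when no target is given is an assumption of this model.

```python
from dataclasses import dataclass


@dataclass
class RequestContext:  # hypothetical stand-in for a request context
    project_id: str
    user_id: str
    is_admin: bool = False


def admin_or_owner(ctx, target):
    """Model of the rule: caller is admin, or caller's project owns the target."""
    return ctx.is_admin or target.get("project_id") == ctx.project_id


def authorize(ctx, target=None):
    # Assumption of this model: with no target, the check falls back to the
    # caller's own credentials, so ownership compares the caller with itself.
    if target is None:
        target = {"project_id": ctx.project_id, "user_id": ctx.user_id}
    return admin_or_owner(ctx, target)


def reset_status_unchecked(ctx, volume):
    """Handler that omits the target: the ownership test cannot fail."""
    return authorize(ctx)


def reset_status_checked(ctx, volume):
    """Handler that passes the resource being modified as the target."""
    return authorize(ctx, target=volume)


# Constructed sample data: one volume and three callers.
VOLUME = {"id": "vol-1", "project_id": "project-a", "status": "error"}
CALLERS = {
    "owner": RequestContext("project-a", "alice"),
    "other_project": RequestContext("project-b", "bob"),
    "admin": RequestContext("project-c", "root", is_admin=True),
}


def decisions(handler):
    """Return the allow/deny decision of `handler` for every sample caller."""
    return {name: handler(ctx, VOLUME) for name, ctx in CALLERS.items()}


if __name__ == "__main__":
    print("without target:", decisions(reset_status_unchecked))
    print("with target:   ", decisions(reset_status_checked))
```

A unit test per API that calls the handler with a context from a different project and expects a denial catches a missing target during review.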
README.rst
Team and repository tags
CINDER
You have come across a storage service for an open cloud computing service. It has identified itself as Cinder. It was abstracted from the Nova project.
- Wiki: https://wiki.openstack.org/Cinder
- Developer docs: https://docs.openstack.org/cinder/latest/
Getting Started
If you'd like to run from the master branch, you can clone the git repo:
For developer information please see HACKING.rst
You can raise bugs here https://bugs.launchpad.net/cinder
Python client
https://git.openstack.org/cgit/openstack/python-cinderclient