From ba10a9b6fedebbfd38a53274b2bf7186dc4b79d8 Mon Sep 17 00:00:00 2001
From: Nolan Brubaker <nolan.brubaker@rackspace.com>
Date: Wed, 7 Jan 2015 11:59:23 -0500
Subject: [PATCH] Restrict publicizing images to admin role

Allowing users to publicize images could lead to a security hole where a
user could upload a malicious image (one that houses rootkits or other
malware).

Change-Id: Ib0aea22df13d5717e81aaf829bb298f80b600909
Partial-Bug: #1408363
---
 rpc_deployment/roles/glance_common/templates/policy.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rpc_deployment/roles/glance_common/templates/policy.json b/rpc_deployment/roles/glance_common/templates/policy.json
index d8f0a78cb6..8b7e6871dd 100644
--- a/rpc_deployment/roles/glance_common/templates/policy.json
+++ b/rpc_deployment/roles/glance_common/templates/policy.json
@@ -7,7 +7,7 @@
     "get_image": "",
     "get_images": "",
     "modify_image": "",
-    "publicize_image": "",
+    "publicize_image": "role:admin",
     "copy_from": "",
 
     "download_image": "",