diff options
author | Matthew Gilliard <matthew.gilliard@hp.com> | 2014-11-21 08:55:56 +0000 |
---|---|---|
committer | Matthew Gilliard <matthew.gilliard@hp.com> | 2014-11-24 22:58:05 +0000 |
commit | 06e2319806c618898071eba662d5bf9773be4d39 (patch) | |
tree | 65056661206b549ca2d5c71c74acc307166ad821 /nova/context.py | |
parent | 8456b90a78b817dce1a01c7b81e8552890b0a5ac (diff) | |
download | nova-06e2319806c618898071eba662d5bf9773be4d39.tar.gz |
Prevent admin role leak in context.elevated
context.elevated was creating a copy of the current context then adding
'admin' to the roles of that context. This should be a deepcopy, otherwise
'admin' is added to the original context too.
Change-Id: I8ab00c88a8e76a14fb9f4ae96dfdb5f018fc2d0f
Closes-bug: 1386932
Diffstat (limited to 'nova/context.py')
-rw-r--r-- | nova/context.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nova/context.py b/nova/context.py index 9815bf3c9d..e78636cdde 100644 --- a/nova/context.py +++ b/nova/context.py @@ -179,7 +179,7 @@ class RequestContext(object): def elevated(self, read_deleted=None, overwrite=False): """Return a version of this context with admin flag set.""" - context = copy.copy(self) + context = copy.deepcopy(self) context.is_admin = True if 'admin' not in context.roles: |