From 06e2319806c618898071eba662d5bf9773be4d39 Mon Sep 17 00:00:00 2001
From: Matthew Gilliard <matthew.gilliard@hp.com>
Date: Fri, 21 Nov 2014 08:55:56 +0000
Subject: Prevent admin role leak in context.elevated

context.elevated was creating a copy of the current context then adding
'admin' to the roles of that context. This should be a deepcopy, otherwise
'admin' is added to the original context too.

Change-Id: I8ab00c88a8e76a14fb9f4ae96dfdb5f018fc2d0f
Closes-bug: 1386932
---
 nova/context.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nova/context.py')

diff --git a/nova/context.py b/nova/context.py
index 9815bf3c9d..e78636cdde 100644
--- a/nova/context.py
+++ b/nova/context.py
@@ -179,7 +179,7 @@ class RequestContext(object):
 
     def elevated(self, read_deleted=None, overwrite=False):
         """Return a version of this context with admin flag set."""
-        context = copy.copy(self)
+        context = copy.deepcopy(self)
         context.is_admin = True
 
         if 'admin' not in context.roles:
-- 
cgit v1.2.1