Juniper Openstack

Better to limit access to pem file for haproxy

Bug #1710859 reported by Vedamurthy Joshi on 2017-08-15

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R4.0	Fix Committed	High	Yuvaraja Mariappan	Juniper Openstack r4.0.1.0 "r4.0.1.0"
Trunk	Fix Committed	High	Yuvaraja Mariappan	Juniper Openstack r4.1.0.0-fcs "r4.1"

Bug Description

R4.0.1.0 Cont Build 19

The pem file created to run with haproxy(has crt and private key) has permissions to allow everybody to be able to read it
It would be good to not allow this

root@nodek3:~# ls -l /var/lib/contrail/loadbalancer/haproxy/12682e86-81a5-11e7-9b94-002590c30af2/foo.bar.com.pem
-rw-r--r-- 1 root root 2808 Aug 15 16:02 /var/lib/contrail/loadbalancer/haproxy/12682e86-81a5-11e7-9b94-002590c30af2/foo.bar.com.pem
root@nodek3:~#

Tags:

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-08-21: [Review update] R4.0

Review in progress for https://review.opencontrail.org/34763
Submitter: Yuvaraja Mariappan

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-08-21: [Review update] master

Review in progress for https://review.opencontrail.org/34765
Submitter: Yuvaraja Mariappan

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-08-22: A change has been merged

Reviewed: https://review.opencontrail.org/34763
Committed: http://github.com/Juniper/contrail-controller/commit/188da974135cc8fe63a2807f6ce01290e0e0fb6b
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 188da974135cc8fe63a2807f6ce01290e0e0fb6b
Author: Yuvaraja Mariappan <email address hidden>
Date: Mon Aug 21 11:38:19 2017 -0700

Fixed file permission issues for lbaas ssl certificates

ssl certificates are with 0644 file permission which is
changed to 0600

Change-Id: I4ac0c2305dc9f031ae578e9adcce4494dcc253b4
Closes-bug: #1710859

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-08-23:

Reviewed: https://review.opencontrail.org/34765
Committed: http://github.com/Juniper/contrail-controller/commit/d0f39859b2eadac972bf00708831c67ecc9caf11
Submitter: Zuul (<email address hidden>)
Branch: master

commit d0f39859b2eadac972bf00708831c67ecc9caf11
Author: Yuvaraja Mariappan <email address hidden>
Date: Mon Aug 21 11:38:19 2017 -0700

Fixed file permission issues for lbaas ssl certificates

ssl certificates are with 0644 file permission which is
changed to 0600

Change-Id: I4ac0c2305dc9f031ae578e9adcce4494dcc253b4
Closes-bug: #1710859

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.