Reviewed: https://review.opendev.org/c/openstack/storlets/+/906186 Committed: https://opendev.org/openstack/storlets/commit/5ad58804af885db3eb7a78bea5000c401eeeb70e Submitter: "Zuul (22348)" Branch: master
commit 5ad58804af885db3eb7a78bea5000c401eeeb70e Author: Takashi Kajinami <email address hidden> Date: Sun Jan 21 02:30:33 2024 +0900
Restrict access to local storlet/dependency files
Now swift and storlet daemon inside containers run with consistent uid so we don't need group/other permissions.
Also chown should be executed before actual file content is written, so that the content is not read by a different user.
Closes-Bug: #2047723 Change-Id: I7790e51556875be1fc6438d1e2c599b693ca3b5b
Reviewed: https:/ /review. opendev. org/c/openstack /storlets/ +/906186 /opendev. org/openstack/ storlets/ commit/ 5ad58804af885db 3eb7a78bea5000c 401eeeb70e
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 5ad58804af885db 3eb7a78bea5000c 401eeeb70e
Author: Takashi Kajinami <email address hidden>
Date: Sun Jan 21 02:30:33 2024 +0900
Restrict access to local storlet/dependency files
Now swift and storlet daemon inside containers run with consistent uid
so we don't need group/other permissions.
Also chown should be executed before actual file content is written,
so that the content is not read by a different user.
Closes-Bug: #2047723 e1fc6438d1e2c59 9b693ca3b5b
Change-Id: I7790e51556875b