container config json files need more retrictive mode
Bug #1714986 reported by
Steven Hardy
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tripleo |
Fix Released
|
High
|
Steven Hardy | ||
Bug Description
The various json files we write (from ansible in deploy-steps.j2 and docker-puppet.py) get the default 0644 permissions, but some may contain sensitive data so it will be safer to write them with 0600 instead.
This fix should be backported to pike before the final release.
| Changed in tripleo: | |
| status: | New → In Progress |
| importance: | Undecided → High |
| milestone: | none → pike-rc2 |
| assignee: | nobody → Steven Hardy (shardy) |
| tags: | added: pike-backport-potential |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to tripleo-heat-templates (master) | #1 |
| Changed in tripleo: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to tripleo-heat-templates (stable/pike) | #2 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to tripleo-heat-templates (stable/pike) | #3 |
| tags: | added: in-stable-pike |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/tripleo-heat-templates 7.0.0.0rc2 | #4 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/tripleo-heat-templates 8.0.0.0b1 | #5 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit 94c7752cfae64d9
Author: Steven Hardy <email address hidden>
Date: Mon Sep 4 13:53:04 2017 +0100
Set mode for ansible written files
Use a more restrictive mode for these files, as some may contain sensitive data
which shouldn't be world readable
Closes-Bug: #1714986
Change-Id: Ib1e79b1d4e25d6