container config json files need more retrictive mode
Bug #1714986 reported by
Steven Hardy
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Steven Hardy |
Bug Description
The various json files we write (from ansible in deploy-steps.j2 and docker-puppet.py) get the default 0644 permissions, but some may contain sensitive data so it will be safer to write them with 0600 instead.
This fix should be backported to pike before the final release.
Changed in tripleo: | |
status: | New → In Progress |
importance: | Undecided → High |
milestone: | none → pike-rc2 |
assignee: | nobody → Steven Hardy (shardy) |
tags: | added: pike-backport-potential |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/500585 /git.openstack. org/cgit/ openstack/ tripleo- heat-templates/ commit/ ?id=94c7752cfae 64d96124a32bc36 ccd6ec7b4df4a7
Committed: https:/
Submitter: Jenkins
Branch: master
commit 94c7752cfae64d9 6124a32bc36ccd6 ec7b4df4a7
Author: Steven Hardy <email address hidden>
Date: Mon Sep 4 13:53:04 2017 +0100
Set mode for ansible written files
Use a more restrictive mode for these files, as some may contain sensitive data
which shouldn't be world readable
Closes-Bug: #1714986 e329938402b1ca7 76bdab81bdd
Change-Id: Ib1e79b1d4e25d6