[Victoria and bellow] Ensure rights on the ansible.log file
When mistral starts the Ansible action, a log file is created runtime.
But nothing takes care of its access right, leading to potential data
leaks to unprivileged users (default mode is 0644).
This patch creates the logfile beforehands, and sets the needed rights
on it.
Change-Id: Ica1b5c0a165cc06fac668513114eef2b4ba73f56
Closes-Bug: #1918138
(cherry picked from commit d485407159ea6cb2c7abf6d5788d85147f433996)
(cherry picked from commit fdd5c0c09161c69975c0b62a02cbf256295c0c48)
Reviewed: https:/ /review. opendev. org/c/openstack /tripleo- common/ +/786971 /opendev. org/openstack/ tripleo- common/ commit/ 32e2249e41c637e 8f6362a4d459b14 18d2a3324e
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/train
commit 32e2249e41c637e 8f6362a4d459b14 18d2a3324e
Author: Cédric Jeanneret <email address hidden>
Date: Mon Mar 8 14:35:55 2021 +0100
[Victoria and bellow] Ensure rights on the ansible.log file
When mistral starts the Ansible action, a log file is created runtime.
But nothing takes care of its access right, leading to potential data
leaks to unprivileged users (default mode is 0644).
This patch creates the logfile beforehands, and sets the needed rights
on it.
Change-Id: Ica1b5c0a165cc0 6fac668513114ee f2b4ba73f56 2c7abf6d5788d85 147f433996) 975c0b62a02cbf2 56295c0c48)
Closes-Bug: #1918138
(cherry picked from commit d485407159ea6cb
(cherry picked from commit fdd5c0c09161c69