=== modified file 'debian/changelog'
--- debian/changelog	2011-09-29 18:57:57 +0000
+++ debian/changelog	2011-09-30 17:50:15 +0000
@@ -1,9 +1,13 @@
 nova (2011.3-0ubuntu4) UNRELEASED; urgency=low
 
+  [Adam Gandelman]
+  * debian/nova-common.postinst: Restrict permissions of /var/log/nova
+    (LP: #862816)
+
   [Ante Karamatic]
   * Add /usr/sbin/ietadm to sudoers (LP: #861547)
   * debian/control: Fix typo in Vcs-Bzr
- 
+
   [Chuck Short]
   * debian/patches/backport-libvirt-console-pipe.patch:
     Move console.log to a ringbuffer so that the console.log

=== modified file 'debian/nova-common.postinst'
--- debian/nova-common.postinst	2011-09-27 01:38:20 +0000
+++ debian/nova-common.postinst	2011-09-30 17:47:29 +0000
@@ -10,6 +10,7 @@
     chown -R nova:nova /var/lib/nova/ /var/log/nova/ /etc/nova/nova.conf
     chmod 600 /etc/nova/nova.conf
     chmod 0440 /etc/sudoers.d/nova_sudoers
+    chmod 0700 /var/log/nova
     if ! grep -q sql_connection /etc/nova/nova.conf
     then
       su -c 'nova-manage db sync' nova