openstack
/
diskimage-builder
Code Issues Proposed changes

Set manifests to mode 600 and owner root 

Manifests files can release sensitive information and therefore should
have restrictive permissions.

Change-Id: I64d6c830217a7d8b0172df2dc774079dcd1e2a68
Related-Bug: #1671842
This commit is contained in:
Gregory Haynes 2017-05-17 08:50:21 -07:00 committed by Ian Wienand
parent 1c0a5d995a
commit 57ef187632
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
View File

@ -34,3 +34,7 @@ echo "$DIB_ARGS" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_arguments # dib-lint:
mkdir -p ${DIB_MANIFEST_SAVE_DIR}
cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR}
# may contain passwords, etc, so limit permissions
find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chown root:root # dib-lint: safe_sudo
find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo