Set manifests to mode 600 and owner root

Manifests files can release sensitive information and therefore should have restrictive permissions. Change-Id: I64d6c830217a7d8b0172df2dc774079dcd1e2a68 Related-Bug: #1671842
2017-05-17 08:50:21 -07:00
parent 1c0a5d995a
commit 57ef187632
1 changed files with 4 additions and 0 deletions
--- a/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
+++ b/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
@@ -34,3 +34,7 @@ echo "$DIB_ARGS" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_arguments  # dib-lint:

 mkdir -p ${DIB_MANIFEST_SAVE_DIR}
 cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR}
+
+# may contain passwords, etc, so limit permissions
+find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chown root:root # dib-lint: safe_sudo
+find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo