From ba2a69644f79ec54da8c2356f591f2c3f403bd6b Mon Sep 17 00:00:00 2001 From: Damien Ciabrini Date: Tue, 15 Jan 2019 15:37:02 +0100 Subject: [PATCH] Ensure /run_command is readable by all users On some distro, running kolla_start via su changes the default UMASK, and consequently set_configs.py generates a /run_command that is not world-readable, and kolla cannot start the configured service. Make sure /run_command always has 'go+r' permissions. Change-Id: I6304f5937c512068ee1fb8aac5c88a2bd086e387 --- docker/base/set_configs.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docker/base/set_configs.py b/docker/base/set_configs.py index 65ce210ba1..5533e668a4 100644 --- a/docker/base/set_configs.py +++ b/docker/base/set_configs.py @@ -310,8 +310,14 @@ def copy_config(config): LOG.info('Writing out command to execute') LOG.debug("Command is: %s", config['command']) # The value from the 'command' key will be written to '/run_command' - with open('/run_command', 'w+') as f: + cmd = '/run_command' + with open(cmd, 'w+') as f: f.write(config['command']) + # Make sure the generated file is readable by all users + try: + os.chmod(cmd, 0o644) + except OSError: + LOG.exception('Failed to set permission of %s to 0o644', cmd) def user_group(owner):