bc8b321fe2
This patch updates all the roles to the latest available SHA's, updates all the OpenStack Service SHA's and also updates the appropriate python requirements pins. Change-Id: Ia9cb9dd47b391ebcbcc26d320245e3a7e4751568
26 lines
966 B
YAML
26 lines
966 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
All of the discretionary access control (DAC) auditing is now disabled by
|
|
default. This reduces the amount of logs generated during deployments and
|
|
minor upgrades. The following variables are now set to ``no``:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_audit_DAC_chmod: no
|
|
security_audit_DAC_chown: no
|
|
security_audit_DAC_lchown: no
|
|
security_audit_DAC_fchmod: no
|
|
security_audit_DAC_fchmodat: no
|
|
security_audit_DAC_fchown: no
|
|
security_audit_DAC_fchownat: no
|
|
security_audit_DAC_fremovexattr: no
|
|
security_audit_DAC_lremovexattr: no
|
|
security_audit_DAC_fsetxattr: no
|
|
security_audit_DAC_lsetxattr: no
|
|
security_audit_DAC_setxattr: no
|
|
fixes:
|
|
- The auditd rules for auditing V-38568 (filesystem mounts) were incorrectly
|
|
labeled in the auditd logs with the key of ``export-V-38568``. They are
|
|
now correctly logged with the key ``filesystem_mount-V-38568``.
|