[Victoria and bellow] Ensure rights on the ansible.log file
When mistral starts the Ansible action, a log file is created runtime. But nothing takes care of its access right, leading to potential data leaks to unprivileged users (default mode is 0644). This patch creates the logfile beforehands, and sets the needed rights on it. Change-Id: Ica1b5c0a165cc06fac668513114eef2b4ba73f56 Closes-Bug: #1918138 (cherry picked from commitd485407159
) (cherry picked from commitfdd5c0c091
)
This commit is contained in:
parent
dbdaa05dc6
commit
32e2249e41
|
@ -119,6 +119,11 @@ def write_default_ansible_cfg(work_dir,
|
|||
datetime.now().strftime("%Y-%m-%dT%H:%M:%S"))
|
||||
os.rename(log_path, new_path)
|
||||
|
||||
# Create the log file, and set some rights on it in order to prevent
|
||||
# unwanted access
|
||||
open(log_path, 'a').close()
|
||||
os.chmod(log_path, 0o640)
|
||||
|
||||
config.set('defaults', 'forks', str(min(
|
||||
multiprocessing.cpu_count() * 4, 100)))
|
||||
config.set('defaults', 'timeout', '30')
|
||||
|
|
Loading…
Reference in New Issue