[Victoria and below] Ensure rights on the ansible.log file
When mistral starts the Ansible action, a log file is created at runtime. But nothing takes care of its access right, leading to potential data leaks to unprivileged users (default mode is 0644).

This patch creates the logfile beforehand, and sets the needed rights on it.

Change-Id: Ica1b5c0a165cc06fac668513114eef2b4ba73f56
Closes-Bug: #1918138
parent 366b10b0fe
commit d485407159
|
@ -120,6 +120,11 @@ def write_default_ansible_cfg(work_dir,
|
||||||
datetime.now().strftime("%Y-%m-%dT%H:%M:%S"))
|
datetime.now().strftime("%Y-%m-%dT%H:%M:%S"))
|
||||||
os.rename(log_path, new_path)
|
os.rename(log_path, new_path)
|
||||||
|
|
||||||
|
# Create the log file, and set some rights on it in order to prevent
|
||||||
|
# unwanted access
|
||||||
|
open(log_path, 'a').close()
|
||||||
|
os.chmod(log_path, 0o640)
|
||||||
|
|
||||||
config.set('defaults', 'forks', str(min(
|
config.set('defaults', 'forks', str(min(
|
||||||
multiprocessing.cpu_count() * 4, 100)))
|
multiprocessing.cpu_count() * 4, 100)))
|
||||||
config.set('defaults', 'timeout', '30')
|
config.set('defaults', 'timeout', '30')
|
||||||
|
|
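Review bot: The added `open(log_path, 'a').close()` followed by `os.chmod(log_path, 0o640)` leaves a short window in which the file exists with whatever mode the process umask produces (0644 by default, per the commit message), so the restriction is not in place from the moment of creation. Consider creating the file with the mode in a single call, for example `os.open(log_path, os.O_CREAT | os.O_WRONLY | os.O_APPEND, 0o640)`, then `os.fchmod()` on the returned descriptor to cover a file that already exists or a umask that masks the mode, and close the descriptor. The comment "set some rights on it" would also be more useful if it named the mode and said why group read is kept, since 0o640 still exposes the log to every member of the owning group.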