Run virtqemud with umask 0027

Virtqemud container requires umask 0027 as libvirt/qemu dynamic permissions should be restricted to not create VM files world readable. Depends-On: https://review.opendev.org/858930 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com> Change-Id: I2bdc9c96cfce3df529229f4194dc816fa798658d
2022-09-22 15:41:43 +02:00 · 2022-09-22 15:41:43 +02:00 · 7bba86fc58
parent e36aaed0e8
commit 7bba86fc58
1 changed files with 1 additions and 0 deletions
--- a/deployment/nova/nova-modular-libvirt-container-puppet.yaml
+++ b/deployment/nova/nova-modular-libvirt-container-puppet.yaml
@ -671,6 +671,7 @@ outputs:
                depends_on: *libvirt_depends_on
                environment:
                  KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+                  TRIPLEO_KOLLA_UMASK: "0027"
                volumes:
                  list_concat:
                    - {get_attr: [ContainersCommon, volumes]}