From 7bba86fc582b6d599117be06c23d0a3d91332cfd Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya
Date: Thu, 22 Sep 2022 15:41:43 +0200
Subject: [PATCH] Run virtqemud with umask 0027

Virtqemud container requires umask 0027 as libvirt/qemu dynamic permissions should be restricted to not create VM files world readable.

Depends-On: https://review.opendev.org/858930
Signed-off-by: Bogdan Dobrelya
Change-Id: I2bdc9c96cfce3df529229f4194dc816fa798658d
---
 deployment/nova/nova-modular-libvirt-container-puppet.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/deployment/nova/nova-modular-libvirt-container-puppet.yaml b/deployment/nova/nova-modular-libvirt-container-puppet.yaml
index 9705dfe063..5faaef47d0 100644
--- a/deployment/nova/nova-modular-libvirt-container-puppet.yaml
+++ b/deployment/nova/nova-modular-libvirt-container-puppet.yaml
@@ -671,6 +671,7 @@ outputs:
 depends_on: *libvirt_depends_on
 environment:
 KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+ TRIPLEO_KOLLA_UMASK: "0027"
 volumes:
 list_concat:
 - {get_attr: [ContainersCommon, volumes]}
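Review bot: The added `TRIPLEO_KOLLA_UMASK: "0027"` entry has no comment explaining why this one container runs with a non-default umask, so the reason given in the commit message is lost to anyone reading the template later; a line above it such as `# umask 0027: VM files created by libvirt/qemu must not be world-readable` would keep it. The setting only works if the container start-up path honours the variable, which presumably arrives with the Depends-On change, so an image without that support would silently keep the old umask; a deployment check of the running process umask or of newly created file modes would catch that. A umask also affects only files created after the container restarts, so files already written world-readable on upgraded nodes stay that way unless their permissions are fixed separately. The enclosing container definition starts and ends outside the hunk, so whether any other libvirt daemon containers this template defines need the same value cannot be judged from here.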