Merge "Enforce some better rights on temporary files"

Zuul
2021-07-05 17:32:18 +00:00
committed by Gerrit Code Review


@@ -58,6 +58,7 @@
shell: |
set -o pipefail
grep -i denied {{ validate_selinux_audit_source }} > /tmp/denials.log || (echo "No denials found in auditlog"; exit 0)
chmod 0600 /tmp/denials.log
- name: Get stat for denials.log
stat:
@@ -77,7 +78,7 @@
template:
src: skip-list.j2
dest: "{{ validate_selinux_skip_list_dest }}"
mode: 0644
mode: 0600
- name: Filter out denials
when: validate_selinux_skip_list != {}
@@ -86,6 +87,7 @@
shell: |
set -o pipefail
grep -v -f {{ validate_selinux_skip_list_dest }} /tmp/denials.log > {{ validate_selinux_filtered_denials_dest }}
chmod 0600 {{ validate_selinux_filtered_denials_dest }}
- name: No skip_list
when: validate_selinux_skip_list == {}
@@ -93,6 +95,7 @@
remote_src: true
src: /tmp/denials.log
dest: "{{ validate_selinux_filtered_denials_dest }}"
mode: 0600
- name: Get stat for filtered denials
stat:
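Review bot: The `chmod 0600 /tmp/denials.log` added after the redirection in the first shell task tightens the mode only once the file has been created and filled, so the audit denials stay readable under the default umask for that interval; the "Filter out denials" task uses the same pattern for the filtered-denials file. Putting `umask 077` at the top of each script, before the `grep ... >` line, would make the file private from the moment it is created. In the filter task the appended `chmod` is now the last command, so without `set -e` a non-zero exit from `grep -v -f` (for example an unreadable skip list) no longer decides the task's return code, unless a `failed_when` outside the visible lines handles it. Separately, `/tmp/denials.log` is a fixed name in a world-writable directory, and a path obtained from the `tempfile` module would avoid depending on whatever already exists at that name. The tasks begin and end outside the hunks shown.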