Restrict permissions on patching logfiles

This update sets restricted permissions on patching logfiles. Change-Id: I922c6d278dc747c186288a15d12369bbddb40bea Partial-Bug: 1836632 Signed-off-by: Don Penney <don.penney@windriver.com>
2019-07-15 14:58:11 -04:00 · 2019-07-15 14:58:11 -04:00 · c001620050
parent 6ff6ee1a4d
commit c001620050
2 changed files with 9 additions and 1 deletions
--- a/cgcs-patch/centos/build_srpm.data
+++ b/cgcs-patch/centos/build_srpm.data
@ -1 +1 @@
-TIS_PATCH_VER=27
+TIS_PATCH_VER=28
--- a/cgcs-patch/cgcs-patch/cgcs_patch/patch_functions.py
+++ b/cgcs-patch/cgcs-patch/cgcs_patch/patch_functions.py
@ -83,11 +83,19 @@ def configure_logging(logtofile=True, level=logging.INFO):
        main_log_handler = logging.FileHandler(logfile)
        main_log_handler.setFormatter(formatter)
        LOG.addHandler(main_log_handler)
+        try:
+            os.chmod(logfile, 0o640)
+        except Exception:
+            pass

        auditLOG.setLevel(level)
        api_log_handler = logging.FileHandler(apilogfile)
        api_log_handler.setFormatter(formatter)
        auditLOG.addHandler(api_log_handler)
+        try:
+            os.chmod(apilogfile, 0o640)
+        except Exception:
+            pass

        # Log uncaught exceptions to file
        sys.excepthook = handle_exception