Alon Bar-Lev has uploaded a new change for review. Change subject: packaging: engine-service: set restrictive umask ......................................................................
packaging: engine-service: set restrictive umask python-daemon overrides umask to 0, which unsecured (world writable), so override umask with our own value. for some reason jboss changes the permissions of configuration file and deployment to 0777, enforcing umask of 0027 perform some remedy at the price of having logs not world readable as well. this is applied until a better solution can be found. Change-Id: Ie76e5ffcdccd8c3a0bedbb9ce9bd56e146eeccd9 Signed-off-by: Alon Bar-Lev <[email protected]> --- M packaging/services/service.py 1 file changed, 1 insertion(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/67/14567/1 diff --git a/packaging/services/service.py b/packaging/services/service.py index a2d800e..2ebfbaa 100755 --- a/packaging/services/service.py +++ b/packaging/services/service.py @@ -490,6 +490,7 @@ }, stdout=stdout, stderr=stderr, + umask=0o027, ): self._logger.debug('I am a daemon %s', os.getpid()) -- To view, visit http://gerrit.ovirt.org/14567 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie76e5ffcdccd8c3a0bedbb9ce9bd56e146eeccd9 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
