summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-05-24 06:58:10 +0000
committerGerrit Code Review <review@openstack.org>2017-05-24 06:58:10 +0000
commit0208f83a97f7ada96da913ca91b9b8a18744bdc7 (patch)
tree6e58ea335dd47944e35c12601f5d762e97c02dc2
parent57c40a2ac42a4314926a8ed2fcd0f6d17ac762ad (diff)
parentf1369a1add9552ec2f11cc97ee5e9e09f02b49ff (diff)
Merge "Set manifest permissions in the image"2.4.1
-rwxr-xr-xdiskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir9
1 files changed, 6 insertions, 3 deletions
diff --git a/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir b/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
index 15aec97..3ac1925 100755
--- a/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
+++ b/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
@@ -32,9 +32,12 @@ MANIFEST_IMAGE_PATH=${TMP_MOUNT_PATH}/${DIB_MANIFEST_IMAGE_DIR}
32echo "$DIB_ENV" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_environment # dib-lint: safe_sudo 32echo "$DIB_ENV" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_environment # dib-lint: safe_sudo
33echo "$DIB_ARGS" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_arguments # dib-lint: safe_sudo 33echo "$DIB_ARGS" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_arguments # dib-lint: safe_sudo
34 34
35# Save the manifests locally to the save dir
35mkdir -p ${DIB_MANIFEST_SAVE_DIR} 36mkdir -p ${DIB_MANIFEST_SAVE_DIR}
36cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR} 37cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR}
37 38
38# may contain passwords, etc, so limit permissions 39# Lock down permissions on the manifest files inside the image to
39find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chown root:root # dib-lint: safe_sudo 40# root. We don't want regular users being able to see what might
40find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo 41# contain a password, etc.
42find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chown root:root # dib-lint: safe_sudo
43find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo