Fix /etc/openstack-dashboard/ permissions for access to *policy.json

The Kolla Dockerfile sets the permissions for /etc/openstack-dashboard/ to horizon:horizon. We need this to be readable by the apache user as the horizon user is not the user in which httpd runs with. We may want to consider fixing this in the upstream Dockerfile instead, e.g. checking if we're using centos/rhel and changing the permissions that way. I'm not sure why it's set to horizon:horizon upstream, and I'm keen not to break any existing functionality that relies on the horizon based permissions. Closes-Bug: #1723125 Change-Id: If5feebae38f7fdfffa60bfaedc4521f676006484
2017-10-12 10:31:42 +01:00 · 2017-10-12 10:31:42 +01:00 · fd657aa4e6
parent 7d2a5d6340
commit fd657aa4e6
1 changed files with 6 additions and 0 deletions
--- a/docker/services/horizon.yaml
+++ b/docker/services/horizon.yaml
@ -95,6 +95,12 @@ outputs:
            - path: /var/log/horizon/
              owner: apache:apache
              recurse: true
+            # NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to
+            # horizon:horizon - the policy.json files need read permissions for the apache user
+            # FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead
+            - path: /etc/openstack-dashboard/
+              owner: apache:apache
+              recurse: true
            # FIXME Apache tries to write a .lock file there
            - path: /usr/share/openstack-dashboard/openstack_dashboard/local/
              owner: apache:apache