2468fb5939
Murano Agent uses default folder permissions for the execution plans and scripts. If the default is too permissive (which is unusual), other users on that machine can trick the agent into executing malicious execution plans by putting files into the queue folder and use this to get root privileges. In most common sense users won't have write permissions to murano-agent folders. However, they can hijack execution plans and other data that might contain sensitive information.

This commit sets 0700 mode on the agent runtime folders so that they can be accessed only by the user that runs the agent (+ the root, if it's someone else).

Change-Id: I27f0495a509c4d1435d630e2bc5bfdf3549486d5

| Name |
|---|
| contrib |
| doc/source |
| etc |
| muranoagent |
| releasenotes |
| tools |
| .gitignore |
| .gitreview |
| .testr.conf |
| CONTRIBUTING.rst |
| HACKING.rst |
| LICENSE |
| README.rst |
| requirements.txt |
| setup.cfg |
| setup.py |
| test-requirements.txt |
| tox.ini |

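
The commit message above describes restricting the agent's runtime folders to mode 0700 so that other local users can neither plant nor read execution plans. The following Python code is an added example, not code from the murano-agent repository; the function names and the `queue` sample folder are assumptions made for illustration.

```python
import os
import stat
import tempfile

SAFE_MODE = 0o700  # owner-only access, the mode named in the commit message


def ensure_private_dir(path):
    """Create path, or tighten an existing folder, so only its owner has access."""
    try:
        os.mkdir(path, SAFE_MODE)   # requested mode is still filtered by the umask
    except FileExistsError:
        pass                        # folder may predate the fix and be too open
    st = os.lstat(path)             # lstat: never follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{path} is not a real directory")
    if st.st_uid != os.geteuid():
        raise RuntimeError(f"{path} is owned by uid {st.st_uid}, not the agent user")
    os.chmod(path, SAFE_MODE)       # explicit chmod is independent of the umask
    return stat.S_IMODE(os.lstat(path).st_mode)


def audit_dir(path):
    """Return findings for a folder the agent reads execution plans from."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if stat.S_ISLNK(st.st_mode):
        findings.append("path is a symlink")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by other users (plans can be planted)")
    if mode & (stat.S_IRGRP | stat.S_IROTH | stat.S_IXGRP | stat.S_IXOTH):
        findings.append("readable by other users (plans can be read)")
    return findings


def demo():
    # Constructed sample: a queue folder left at a permissive 0777 mode.
    with tempfile.TemporaryDirectory() as root:
        queue = os.path.join(root, "queue")
        os.mkdir(queue)
        os.chmod(queue, 0o777)
        before = audit_dir(queue)
        mode = ensure_private_dir(queue)
        return before, mode, audit_dir(queue)


if __name__ == "__main__":
    print(demo())
```
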
README.rst
Team and repository tags
Murano Agent
Murano Agent is a VM-side guest agent that accepts commands from the Murano engine and executes them.
Image building using DiskImage-Builder
The contrib/elements folder contains diskimage-builder elements for building an image that includes the Murano Agent, which is required to use Murano.
An Ubuntu-based image containing the agent can be built and uploaded to Glance with the following commands:
$ git clone https://git.openstack.org/openstack/diskimage-builder.git
$ git clone https://git.openstack.org/openstack/murano-agent.git
$ export ELEMENTS_PATH=murano-agent/contrib/elements
$ export DIB_CLOUD_INIT_DATASOURCES=OpenStack
$ diskimage-builder/bin/disk-image-create vm ubuntu \
    murano-agent -o ubuntu-murano-agent.qcow2
$ openstack image create ubuntu-murano --disk-format qcow2 \
    --container-format bare --file ubuntu-murano-agent.qcow2 \
    --property murano_image_info='{"title": "Ubuntu for Murano", "type": "linux"}'
Project Resources
Project status, bugs, and blueprints are tracked on Launchpad:
Developer documentation can be found here:
Additional resources are linked from the project wiki page:
License
Apache License Version 2.0 http://www.apache.org/licenses/LICENSE-2.0