No need for allowing chmod to run as root

Bug #907396 reported by Thierry Carrez
Affects: OpenStack Compute (nova)
Status: Won't Fix
Importance: Wishlist
Assigned to: Thierry Carrez
Milestone: (none)

Bug Description

_inject_key_into_fs and _inject_net_into_fs run, as root:

  mkdir -p DIR
  chown root DIR
  chmod 700 DIR

Therefore those three commands are allowed to run as root.
Allowing chmod is actually useless, since we can use mkdir -m 700 instead.

Tags: rootwrap
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/2508

Thierry Carrez (ttx) wrote :

From the review:
The only caveat with this is that if the sshdir exists with wrong permissions, it now won't be corrected.
That's a valid corner case, maybe a strong filter is a better option.

Changed in nova:
status: In Progress → Won't Fix
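
The corner case raised in the review, as an added example that is not part of the bug report or of nova's code: `mkdir -p -m 700` sets the mode only on a directory it creates, so a directory that already exists keeps its old permissions. The function names and the scratch paths are hypothetical.

```shell
#!/bin/sh
# Added example (not nova code): mkdir -m only applies to directories
# that mkdir itself creates.

# Print the permission string of a directory, e.g. "drwx------".
dir_perms() {
    ls -ld "$1" | cut -c1-10
}

# Create DIR with mode 700 without calling chmod.
# Returns 0 when DIR ends up with mode 700, 1 when it has any other mode
# (it already existed with different permissions), 2 when mkdir fails.
make_private_dir() {
    mkdir -p -m 700 "$1" || return 2
    [ "$(dir_perms "$1")" = "drwx------" ]
}

# Constructed scenario in a scratch directory: one fresh target and one
# target that already exists with mode 755.
demo() {
    scratch=$(mktemp -d) || return 2
    mkdir -m 755 "$scratch/existing"

    for name in fresh existing; do
        if make_private_dir "$scratch/$name"; then
            result="mode is 700"
        else
            result="mode NOT corrected"
        fi
        echo "$name: $(dir_perms "$scratch/$name") ($result)"
    done
    rm -rf "$scratch"
}

demo
```

A caller that drops chmod from the allowed commands has to treat the non-zero return as an error or handle the existing directory some other way.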