github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-28 03:42:09 +00:00
Code Issues Projects Releases Wiki Activity

qemu/image: Reduce permissions of .iso creation dir

Browse Source 
The contents of .iso used to bootstrap VMs with cloudinit are
initialised using a precreated, short-lived  directory.  The
permissions on this directory were too lenient.  This commit
restricts access to this directory to the user and his/her group.

Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
This commit is contained in:
Mark Ryan 2018-09-13 09:18:47 +02:00
parent 032705ba6a
commit de00d7a681
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
qemu/image.go
View File

@ -49,8 +49,7 @@ func CreateCloudInitISO(ctx context.Context, scratchDir, isoPath string,
_ = os.RemoveAll(configDrivePath)
}()
/* #nosec */
err := os.MkdirAll(dataDirPath, 0755)
err := os.MkdirAll(dataDirPath, 0750)
if err != nil {
return fmt.Errorf("Unable to create config drive directory %s : %v",
dataDirPath, err)