From 27f11ec6c2e0939c9f728124e803d3e92cc8b433 Mon Sep 17 00:00:00 2001
From: Sven Dowideit
Date: Mon, 13 Mar 2017 17:17:15 +1000
Subject: [PATCH] set the permissions for /var/lib/rancher/conf to 0700

Signed-off-by: Sven Dowideit
---
 cmd/control/install.go | 2 +-
 config/cloudinit/datasource/configdrive/configdrive.go | 2 +-
 config/disk.go | 2 +-
 config/types.go | 1 +
 init/init.go | 8 +++++++-
 tests/network_test.go | 2 ++
 6 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/cmd/control/install.go b/cmd/control/install.go
index d949927d..d17d3820 100755
--- a/cmd/control/install.go
+++ b/cmd/control/install.go
@@ -562,7 +562,7 @@ func seedData(baseName, cloudData string, files []string) error {
 return err
 }
- if err = os.MkdirAll(filepath.Join(baseName, "/var/lib/rancher/conf/cloud-config.d"), 0755); err != nil {
+ if err = os.MkdirAll(filepath.Join(baseName, "/var/lib/rancher/conf/cloud-config.d"), 0700); err != nil {
 return err
 }
diff --git a/config/cloudinit/datasource/configdrive/configdrive.go b/config/cloudinit/datasource/configdrive/configdrive.go
index a648a731..fa6ce056 100755
--- a/config/cloudinit/datasource/configdrive/configdrive.go
+++ b/config/cloudinit/datasource/configdrive/configdrive.go
@@ -147,7 +147,7 @@ func (cd *ConfigDrive) tryReadFile(filename string) ([]byte, error) {
 }
 func MountConfigDrive() error {
- if err := os.MkdirAll(configDevMountPoint, 644); err != nil {
+ if err := os.MkdirAll(configDevMountPoint, 700); err != nil {
 return err
 }
diff --git a/config/disk.go b/config/disk.go
index 2bc1e1a2..4531463f 100644
--- a/config/disk.go
+++ b/config/disk.go
@@ -220,7 +220,7 @@ func WriteToFile(data interface{}, filename string) error {
 return err
 }
- if err := os.MkdirAll(filepath.Dir(filename), os.ModeDir|0755); err != nil {
+ if err := os.MkdirAll(filepath.Dir(filename), os.ModeDir|0700); err != nil {
 return err
 }
diff --git a/config/types.go b/config/types.go
index a1064df5..db9267c9 100755
--- a/config/types.go
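Review bot: The 0700 mode in `seedData` is applied by `os.MkdirAll` to every missing ancestor it creates, not only to `conf/cloud-config.d`, so on a target where `var/lib/rancher` does not exist yet the parents under `baseName` would also end up owner-only; init/init.go compensates with an explicit chmod of `config.VarRancherDir`, but this call and the one in `WriteToFile` (config/disk.go) do not. `os.MkdirAll` also leaves an existing directory at its old mode, so a tree already created with 0755 is not tightened by any of the three calls. Creating the parents with 0755 and then calling `os.Chmod` with 0700 on the `conf` directory itself would make the result independent of what is already on disk. seedData's body continues outside the hunk.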
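Review bot: The mode literal `700` in `MountConfigDrive` is decimal, not octal: as an `os.FileMode` its permission bits are 0274 (owner write-only, group read/write/execute, other read), which is not the owner-only directory the commit title asks for and is more open to group and other than intended. The line should read `if err := os.MkdirAll(configDevMountPoint, 0700); err != nil {`. The removed `644` had the same missing leading zero, so the mistake predates this change, but the new value is the one that takes effect. MountConfigDrive's body continues outside the hunk.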
+++ b/config/types.go
@@ -38,6 +38,7 @@ const (
 System = "system"
 OsConfigFile = "/usr/share/ros/os-config.yml"
+ VarRancherDir = "/var/lib/rancher"
 CloudConfigDir = "/var/lib/rancher/conf/cloud-config.d"
 CloudConfigBootFile = "/var/lib/rancher/conf/cloud-config.d/boot.yml"
 CloudConfigNetworkFile = "/var/lib/rancher/conf/cloud-config.d/network.yml"
diff --git a/init/init.go b/init/init.go
index d5235f30..47594b28 100755
--- a/init/init.go
+++ b/init/init.go
@@ -330,13 +330,19 @@ func RunInit() error {
 mountOem,
 func(cfg *config.CloudConfig) (*config.CloudConfig, error) {
 for name, content := range configFiles {
- if err := os.MkdirAll(filepath.Dir(name), os.ModeDir|0755); err != nil {
+ if err := os.MkdirAll(filepath.Dir(name), os.ModeDir|0700); err != nil {
 log.Error(err)
 }
 if err := util.WriteFileAtomic(name, content, 400); err != nil {
 log.Error(err)
 }
 }
+ if err := os.MkdirAll(config.VarRancherDir, os.ModeDir|0755); err != nil {
+ log.Error(err)
+ }
+ if err := os.Chmod(config.VarRancherDir, os.ModeDir|0755); err != nil {
+ log.Error(err)
+ }
 return cfg, nil
 },
 func(cfg *config.CloudConfig) (*config.CloudConfig, error) {
diff --git a/tests/network_test.go b/tests/network_test.go
index 60ea821d..35c57e45 100755
--- a/tests/network_test.go
+++ b/tests/network_test.go
@@ -55,6 +55,8 @@ func (s *QemuSuite) TestNetworkCfg(c *C) {
 inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
 2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
+ inet XX.XX.XX.XX/24 brd 10.0.2.255 scope global eth0
+ valid_lft forever preferred_lft forever
 inet 10.1.0.41/24 scope global eth0
 valid_lft forever preferred_lft forever
 inet6 XX::XX:XX:XX:XX/64 scope link
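Review bot: The context line `util.WriteFileAtomic(name, content, 400)` in the init/init.go hunk passes a decimal mode; if the helper hands it to the OS as an `os.FileMode`, that is 0620 (owner read/write, group write) rather than the owner-read-only 0400 it appears to intend, and since this commit tightens the same tree it should become `util.WriteFileAtomic(name, content, 0400)`. In the added lines, `os.MkdirAll(config.VarRancherDir, os.ModeDir|0755)` runs after the loop has normally already created that directory as an ancestor with 0700, so only the following `os.Chmod` has an effect; creating `config.VarRancherDir` with 0755 before the loop would state the intent directly. Both new calls only log on failure, so a failed chmod leaves `/var/lib/rancher` owner-only without stopping init, and a comment saying whether that is acceptable would help. RunInit's body continues outside the hunk.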