octavia::certificate should more restrict access to certificate files
Bug #2049203 reported by
Takashi Kajinami
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-octavia |
Fix Released
|
High
|
Takashi Kajinami |
Bug Description
Currently the octavia:
However this is inappropriate because
- The certificate files don't need x bit
- The certificate files, especially the private key file, should not be read by an unrelated user
Changed in puppet-octavia: | |
importance: | Undecided → Critical |
importance: | Critical → High |
assignee: | nobody → Takashi Kajinami (kajinamit) |
Changed in puppet-octavia: | |
status: | New → In Progress |
description: | updated |
To post a comment you must log in.
Reviewed: https:/ /review. opendev. org/c/openstack /puppet- octavia/ +/905439 /opendev. org/openstack/ puppet- octavia/ commit/ 76e1ac5e8c6f700 025a849f10c555c dd686f822d
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 76e1ac5e8c6f700 025a849f10c555c dd686f822d
Author: Takashi Kajinami <email address hidden>
Date: Fri Jan 12 22:31:17 2024 +0900
Restrict access to certificate files
The certificate files don't need x bits. Also these files, especially
the private key file should have very restricted access.
Closes-Bug: #2049203 509ad971fea3227 7a7a9b59dc3
Change-Id: I3f4cf18b70420a