author | Rhys Oxenham <roxenham@redhat.com> | 2017-10-12 10:31:42 +0100 |
---|---|---|
committer | Radomir Dopieralski <openstack@sheep.art.pl> | 2017-10-25 15:20:41 +0000 |
commit | e3e0f84c49510afd6da1707bfd9460513a5aee89 (patch) | |
tree | 640e259f9171db2fb3e0affa1913ad598eaf3906 | |
parent | 9dfec11795703b43991e06ef880b52cd0b3a5eb4 (diff) |
Fix /etc/openstack-dashboard/ permissions for access to *policy.json
The Kolla Dockerfile sets the permissions for /etc/openstack-dashboard/
to horizon:horizon. We need this to be readable by the apache user
as the horizon user is not the user that httpd runs as. We may
want to consider fixing this in the upstream Dockerfile instead, e.g.
checking if we're using centos/rhel and changing the permissions that
way. I'm not sure why it's set to horizon:horizon upstream, and I'm keen
not to break any existing functionality that relies on the horizon based
permissions.
Closes-Bug: #1723125
Change-Id: If5feebae38f7fdfffa60bfaedc4521f676006484
(cherry picked from commit fd657aa4e68de7ad239a88525b5ae343acd3bf80)
-rw-r--r-- | docker/services/horizon.yaml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index d6ffb6dc..39169d07 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -95,6 +95,12 @@ outputs: - path: /var/log/horizon/ owner: apache:apache recurse: true + # NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to + # horizon:horizon - the policy.json files need read permissions for the apache user + # FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead + - path: /etc/openstack-dashboard/ + owner: apache:apache + recurse: true # FIXME Apache tries to write a .lock file there - path: /usr/share/openstack-dashboard/openstack_dashboard/local/ owner: apache:apache |
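Review bot: The added `- path: /etc/openstack-dashboard/` entry with `owner: apache:apache` and `recurse: true` makes the httpd user the owner of the whole configuration tree, while the NOTE comment directly above it only asks for read access to the policy.json files. Owning the directory lets the web server process rewrite its own policy and settings files, which is more than the stated need. Consider granting read access only, for instance by keeping the upstream owner and giving apache group ownership (something like `owner: horizon:apache`, assuming the files are group-readable), or by limiting the entry to the policy files rather than recursing over the directory. The recursive change also replaces horizon:horizon everywhere under the path, which is the existing behaviour the commit message says it does not want to break, so it is worth stating in the comment what was checked. The FIXME about fixing this in the Kolla Dockerfile would be easier to follow up if it referenced a tracking bug.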