aboutsummaryrefslogtreecommitdiffstats
path: root/docker/docker-puppet.py
diff options
context:
space:
mode:
authorSteven Hardy <shardy@redhat.com>2017-09-04 13:53:04 +0100
committerEmilien Macchi <emilien@redhat.com>2017-09-05 15:23:48 +0000
commit41d599cb37fbc082a4869e32b520d7017085c4f7 (patch)
tree699ac5e76a621d93921c4cc10ff62977d8e03f74 /docker/docker-puppet.py
parent9f408dbe8bc8371424ecb816877b1cfe62498f8d (diff)
Set mode for ansible written files
Use a more restrictive mode for these files, as some may contain sensitive data which shouldn't be world readable Closes-Bug: #1714986 Change-Id: Ib1e79b1d4e25d6e329938402b1ca776bdab81bdd (cherry picked from commit 94c7752cfae64d96124a32bc36ccd6ec7b4df4a7)
Diffstat (limited to 'docker/docker-puppet.py')
-rwxr-xr-xdocker/docker-puppet.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index 613adf10..0451ed51 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -366,6 +366,7 @@ for infile in infiles:
outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile))
with open(outfile, 'w') as out_f:
+ os.chmod(out_f.name, 0600)
json.dump(infile_data, out_f)
if not success: