From 41d599cb37fbc082a4869e32b520d7017085c4f7 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Mon, 4 Sep 2017 13:53:04 +0100 Subject: Set mode for ansible written files Use a more restrictive mode for these files, as some may contain sensitive data which shouldn't be world readable Closes-Bug: #1714986 Change-Id: Ib1e79b1d4e25d6e329938402b1ca776bdab81bdd (cherry picked from commit 94c7752cfae64d96124a32bc36ccd6ec7b4df4a7) --- docker/docker-puppet.py | 1 + 1 file changed, 1 insertion(+) (limited to 'docker') diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 613adf10..0451ed51 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -366,6 +366,7 @@ for infile in infiles: outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile)) with open(outfile, 'w') as out_f: + os.chmod(out_f.name, 0600) json.dump(infile_data, out_f) if not success: -- cgit 1.2.3-korg
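Review bot: The added `os.chmod(out_f.name, 0600)` runs only after `open(outfile, 'w')` has created the file with umask-default permissions, so for a short window another local user may be able to open it and keep a descriptor that still reads the data once `json.dump` writes it. Creating the file with a restrictive mode closes that window: `fd = os.open(outfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)`, then `with os.fdopen(fd, 'w') as out_f:`, with `os.fchmod(out_f.fileno(), 0o600)` as the first line of the body to cover a file that already exists with a looser mode. Working on the descriptor also avoids resolving the path a second time, and `0o600` is accepted by Python 2.6+ and Python 3, whereas the `0600` literal is a syntax error on Python 3. The enclosing `for infile in infiles:` loop starts outside the hunk, so whether other files written by this script need the same treatment cannot be judged from here.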