diff options
author | Cédric Ollivier <cedric.ollivier@orange.com> | 2017-07-02 10:16:05 +0200 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2017-07-02 11:51:16 +0200 |
commit | 3dcd1e4db7540459d3dff337684547d68fea2b44 (patch) | |
tree | 19f47729bee5edf576bf60855711c6f7075dfaff /docker/Dockerfile | |
parent | 2c3ba281084c7e6b01c7a5612a8a43d43565331a (diff) |
Apply restrictive file permissions
It conforms with [1] by creating a new venv which checks the unix
permissions. As jjobs call Functest console scripts [2], all perms
can be 644.
Dockerfiles are updated as well.
[1] https://security.openstack.org/guidelines/dg_apply-restrictive-file-permissions.html
[2] https://gerrit.opnfv.org/gerrit/#/c/36805/
Depends-On: I9209e6efa1b493e24135402a46df72aaa14115d1
Change-Id: I31bc7f12b775928845e23b6b40288b0a50b87219
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Diffstat (limited to 'docker/Dockerfile')
-rw-r--r-- | docker/Dockerfile | 16 |
1 files changed, 0 insertions, 16 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile index d38713e0..a4a42588 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -101,22 +101,6 @@ RUN git clone --depth 1 -b $VIMS_TAG https://github.com/boucherv-orange/clearwat RUN git clone --depth 1 -b $VROUTER_TAG https://github.com/oolorg/opnfv-functest-vrouter.git ${REPOS_VNFS_DIR}/vrouter RUN git clone --depth 1 https://github.com/wuwenbin2/OnosSystemTest.git ${REPOS_DIR}/onos -RUN find -L ${FUNCTEST_REPO_DIR} -name "*.py" \ - -not -path "*tests/unit*" \ - -not -path "*functest_venv*" \ - |xargs grep -L __main__ |cut -d\: -f 1 |xargs chmod -c 644 \ - && find -L ${FUNCTEST_REPO_DIR} -name "*.sh" \ - -not -path "*functest_venv*" \ - |xargs grep -L \#\! |cut -d\: -f 1 |xargs chmod -c 644 - -RUN find -L ${FUNCTEST_REPO_DIR} -name "*.py" \ - -not -path "*tests/unit*" \ - -not -path "*functest_venv*" \ - |xargs grep __main__ |cut -d\: -f 1 |xargs chmod -c 755 \ - && find -L ${FUNCTEST_REPO_DIR} -name "*.sh" \ - -not -path "*functest_venv*" \ - |xargs grep \#\! |cut -d\: -f 1 |xargs chmod -c 755 - RUN wget -q https://git.openstack.org/cgit/openstack/rally/plain/install_rally.sh?h=${RALLY_TAG} -O install_rally.sh \ && bash install_rally.sh --branch ${RALLY_TAG} --yes && rm install_rally.sh |