Apply restrictive file permissions

It conforms with [1] by creating a new venv which checks the unix permissions. As jjobs call Functest console scripts [2], all perms can be 644. Dockerfiles are updated as well. [1] https://security.openstack.org/guidelines/dg_apply-restrictive-file-permissions.html [2] https://gerrit.opnfv.org/gerrit/#/c/36805/ Depends-On: I9209e6efa1b493e24135402a46df72aaa14115d1 Change-Id: I31bc7f12b775928845e23b6b40288b0a50b87219 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
author: Cédric Ollivier <cedric.ollivier@orange.com> 2017-07-02 10:16:05 +0200
committer: Cédric Ollivier <cedric.ollivier@orange.com> 2017-07-02 11:51:16 +0200
commit: 3dcd1e4db7540459d3dff337684547d68fea2b44 (patch)
tree: 19f47729bee5edf576bf60855711c6f7075dfaff /tox.ini
parent: 2c3ba281084c7e6b01c7a5612a8a43d43565331a (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/tox.ini b/tox.ini
index 5622e33f..4de5fa4a 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = docs,pep8,pylint,py35,py27
+envlist = docs,pep8,pylint,py35,py27,perm
 
 [testenv]
 usedevelop = True
@@ -49,3 +49,14 @@ dirs =
   functest/tests/unit/odl
   functest/tests/unit/utils/test_decorators.py
 commands = nosetests {[testenv:py35]dirs}
+
+[testenv:perm]
+basepython = python2.7
+whitelist_externals = bash
+path=. -not -path './.tox/*' -not -path './.git/*' -not -path './docs/com/pres/reveal.js/*'
+commands =
+  bash -c "\
+    find {[testenv:perm]path} \( -type f -not -perm 644 -o -type d -not -perm 755 \) \
+    -exec ls -l \{\} + | grep '.' && exit 1 || exit 0"
+  bash -c "\
+    find {[testenv:perm]path} -exec file \{\} + | grep CRLF && exit 1 || exit 0"
author	Cédric Ollivier <cedric.ollivier@orange.com>	2017-07-02 10:16:05 +0200
committer	Cédric Ollivier <cedric.ollivier@orange.com>	2017-07-02 11:51:16 +0200
commit	3dcd1e4db7540459d3dff337684547d68fea2b44 (patch)
tree	19f47729bee5edf576bf60855711c6f7075dfaff /tox.ini
parent	2c3ba281084c7e6b01c7a5612a8a43d43565331a (diff)