aboutsummaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
authorCédric Ollivier <cedric.ollivier@orange.com>2017-07-02 10:16:05 +0200
committerCédric Ollivier <cedric.ollivier@orange.com>2017-07-02 11:51:16 +0200
commit3dcd1e4db7540459d3dff337684547d68fea2b44 (patch)
tree19f47729bee5edf576bf60855711c6f7075dfaff /docker
parent2c3ba281084c7e6b01c7a5612a8a43d43565331a (diff)
Apply restrictive file permissions
It conforms with [1] by creating a new venv which checks the unix permissions. As jjobs call Functest console scripts [2], all perms can be 644. Dockerfiles are updated as well. [1] https://security.openstack.org/guidelines/dg_apply-restrictive-file-permissions.html [2] https://gerrit.opnfv.org/gerrit/#/c/36805/ Depends-On: I9209e6efa1b493e24135402a46df72aaa14115d1 Change-Id: I31bc7f12b775928845e23b6b40288b0a50b87219 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Diffstat (limited to 'docker')
-rw-r--r--docker/Dockerfile16
-rw-r--r--docker/Dockerfile.aarch6416
-rw-r--r--[-rwxr-xr-x]docker/add_images.sh0
-rw-r--r--[-rwxr-xr-x]docker/config_install_env.sh0
-rw-r--r--[-rwxr-xr-x]docker/docker_remote_api/enable_remote_api.sh0
5 files changed, 0 insertions, 32 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index d38713e06..a4a425885 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -101,22 +101,6 @@ RUN git clone --depth 1 -b $VIMS_TAG https://github.com/boucherv-orange/clearwat
RUN git clone --depth 1 -b $VROUTER_TAG https://github.com/oolorg/opnfv-functest-vrouter.git ${REPOS_VNFS_DIR}/vrouter
RUN git clone --depth 1 https://github.com/wuwenbin2/OnosSystemTest.git ${REPOS_DIR}/onos
-RUN find -L ${FUNCTEST_REPO_DIR} -name "*.py" \
- -not -path "*tests/unit*" \
- -not -path "*functest_venv*" \
- |xargs grep -L __main__ |cut -d\: -f 1 |xargs chmod -c 644 \
- && find -L ${FUNCTEST_REPO_DIR} -name "*.sh" \
- -not -path "*functest_venv*" \
- |xargs grep -L \#\! |cut -d\: -f 1 |xargs chmod -c 644
-
-RUN find -L ${FUNCTEST_REPO_DIR} -name "*.py" \
- -not -path "*tests/unit*" \
- -not -path "*functest_venv*" \
- |xargs grep __main__ |cut -d\: -f 1 |xargs chmod -c 755 \
- && find -L ${FUNCTEST_REPO_DIR} -name "*.sh" \
- -not -path "*functest_venv*" \
- |xargs grep \#\! |cut -d\: -f 1 |xargs chmod -c 755
-
RUN wget -q https://git.openstack.org/cgit/openstack/rally/plain/install_rally.sh?h=${RALLY_TAG} -O install_rally.sh \
&& bash install_rally.sh --branch ${RALLY_TAG} --yes && rm install_rally.sh
diff --git a/docker/Dockerfile.aarch64 b/docker/Dockerfile.aarch64
index 77c94b02f..a8f866718 100644
--- a/docker/Dockerfile.aarch64
+++ b/docker/Dockerfile.aarch64
@@ -93,22 +93,6 @@ RUN git clone --depth 1 -b $ODL_TAG https://git.opendaylight.org/gerrit/p/integr
RUN git clone --depth 1 -b $VIMS_TAG https://github.com/boucherv-orange/clearwater-live-test ${REPOS_VNFS_DIR}/vims-test
RUN git clone --depth 1 https://github.com/wuwenbin2/OnosSystemTest.git ${REPOS_DIR}/onos
-RUN find -L ${FUNCTEST_REPO_DIR} -name "*.py" \
- -not -path "*tests/unit*" \
- -not -path "*functest_venv*" \
- |xargs grep -L __main__ |cut -d\: -f 1 |xargs chmod -c 644 \
- && find -L ${FUNCTEST_REPO_DIR} -name "*.sh" \
- -not -path "*functest_venv*" \
- |xargs grep -L \#\! |cut -d\: -f 1 |xargs chmod -c 644
-
-RUN find -L ${FUNCTEST_REPO_DIR} -name "*.py" \
- -not -path "*tests/unit*" \
- -not -path "*functest_venv*" \
- |xargs grep __main__ |cut -d\: -f 1 |xargs chmod -c 755 \
- && find -L ${FUNCTEST_REPO_DIR} -name "*.sh" \
- -not -path "*functest_venv*" \
- |xargs grep \#\! |cut -d\: -f 1 |xargs chmod -c 755
-
RUN wget -q https://git.openstack.org/cgit/openstack/rally/plain/install_rally.sh?h=${RALLY_TAG} -O install_rally.sh \
&& bash install_rally.sh --branch ${RALLY_TAG} --yes && rm install_rally.sh
diff --git a/docker/add_images.sh b/docker/add_images.sh
index 919cecd8f..919cecd8f 100755..100644
--- a/docker/add_images.sh
+++ b/docker/add_images.sh
diff --git a/docker/config_install_env.sh b/docker/config_install_env.sh
index ed67994f0..ed67994f0 100755..100644
--- a/docker/config_install_env.sh
+++ b/docker/config_install_env.sh
diff --git a/docker/docker_remote_api/enable_remote_api.sh b/docker/docker_remote_api/enable_remote_api.sh
index 76e59b850..76e59b850 100755..100644
--- a/docker/docker_remote_api/enable_remote_api.sh
+++ b/docker/docker_remote_api/enable_remote_api.sh