diff options
author | Robert Schweikert <rjschwei@suse.com> | 2021-06-02 17:10:32 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-02 15:10:32 -0600 |
commit | 29ac50f2b9e7634fc59fc161d77d27e970ae8080 (patch) | |
tree | 8d5280c71dba2ad8f667e9776441aaac39bb4012 /cloudinit/stages.py | |
parent | 503e2d398660e8af5d49bdf6944a50ad793a3a31 (diff) | |
download | cloud-init-git-29ac50f2b9e7634fc59fc161d77d27e970ae8080.tar.gz |
- Create the log file with 640 permissions (#858)
Security scanners are often simple minded and complain on arbitrary
settings such as file permissions. For /var/log/* having world read is
one of these cases.
Diffstat (limited to 'cloudinit/stages.py')
-rw-r--r-- | cloudinit/stages.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cloudinit/stages.py b/cloudinit/stages.py index bbded1e9..3688be2e 100644 --- a/cloudinit/stages.py +++ b/cloudinit/stages.py @@ -156,7 +156,7 @@ class Init(object): util.ensure_dirs(self._initial_subdirs()) log_file = util.get_cfg_option_str(self.cfg, 'def_log_file') if log_file: - util.ensure_file(log_file, preserve_mode=True) + util.ensure_file(log_file, mode=0o640, preserve_mode=True) perms = self.cfg.get('syslog_fix_perms') if not perms: perms = {} |