Alon Bar-Lev has uploaded a new change for review.

Change subject: pki: set keys permission to world readable and owned by root
......................................................................

pki: set keys permission to world readable and owned by root

This enables all applications to access the keys.

Each key is protected by its own permissions, so we are not exposing
anything new. Engine does not generate new keys so no need to be
writable by engine.

Change-Id: Iedd916d41aca4f80a25c9ab13a240b57a5577b0b
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M Makefile
M packaging/fedora/spec/ovirt-engine.spec.in
2 files changed, 4 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/82/13382/1

diff --git a/Makefile b/Makefile
index e123c0c..c8905d9 100644
--- a/Makefile
+++ b/Makefile
@@ -309,7 +309,7 @@
 
 install_sec:
        install -dm 755 $(DESTDIR)$(PKG_PKI_DIR)/certs
-       install -dm 750 $(DESTDIR)$(PKG_PKI_DIR)/keys
+       install -dm 755 $(DESTDIR)$(PKG_PKI_DIR)/keys
        install -dm 750 $(DESTDIR)$(PKG_PKI_DIR)/private
        install -dm 755 $(DESTDIR)$(PKG_PKI_DIR)/requests
 
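Review bot: With `keys` at 755 in install_sec, any local user can list and traverse the directory, so the mode on each key file becomes the only barrier in front of private key material, and nothing in this target sets or checks those modes. Please add a comment here stating the file mode the key files are expected to carry, and consider whether 711 (traverse without listing) would be enough for the applications that need access. Also note that `install -dm 755` sets no owner, so the "owned by root" part of the subject depends entirely on the packaging side.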
diff --git a/packaging/fedora/spec/ovirt-engine.spec.in 
b/packaging/fedora/spec/ovirt-engine.spec.in
index 8f9eb45..50353e2 100644
--- a/packaging/fedora/spec/ovirt-engine.spec.in
+++ b/packaging/fedora/spec/ovirt-engine.spec.in
@@ -521,10 +521,12 @@
 # create files inside:
 %dir %attr(-, %{engine_user}, %{engine_group}) %{engine_pki}
 %dir %attr(-, %{engine_user}, %{engine_group}) %{engine_pki}/certs
-%dir %attr(-, %{engine_user}, %{engine_group}) %{engine_pki}/keys
 %dir %attr(-, %{engine_user}, %{engine_group}) %{engine_pki}/private
 %dir %attr(-, %{engine_user}, %{engine_group}) %{engine_pki}/requests
 
+# not owned by engine
+%dir %{engine_pki}/keys
+
 # PKI scripts:
 %{engine_pki}/*.sh
 %{engine_pki}/*.lock
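Review bot: The new `%dir %{engine_pki}/keys` entry carries no %attr, so its owner and mode come from whatever %defattr is in effect and from the build root, neither of which is visible in this hunk. Since the subject promises root ownership and a world-readable mode, spell it out, for example `%dir %attr(0755, root, root) %{engine_pki}/keys`, and extend the "# not owned by engine" comment with the reason. The parent `%{engine_pki}` stays owned by %{engine_user} in the context lines above, so if that directory is writable by its owner the engine user can still rename or replace `keys`; worth confirming that this is acceptable.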


--
To view, visit http://gerrit.ovirt.org/13382
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iedd916d41aca4f80a25c9ab13a240b57a5577b0b
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>