Bug 1034172

Summary: Cloud-Init: generated config-drive CD image is world-readable
Product: Red Hat Enterprise Virtualization Manager
Reporter: Pavel Novotny <pnovotny>
Component: vdsm
Assignee: Francesco Romani <fromani>
Status: CLOSED ERRATA
QA Contact: Pavel Novotny <pnovotny>
Severity: medium
Docs Contact:
Priority: unspecified
Version: 3.3.0
CC: acathrow, bazulay, iheim, lpeer, mavital, michal.skrivanek, Rhev-m-bugs, sbonazzo, sherold, yeylon, zdover
Target Milestone: ---
Target Release: 3.4.0
Hardware: Unspecified
OS: Unspecified
Whiteboard: virt
Fixed In Version: ovirt-3.4.0-beta2
Doc Type: Bug Fix
Doc Text:
Previously, when running a virtual machine once with Cloud-Init, the config-drive CD image created was world-readable. This .img file has now been set to be readable only for vdsm:qemu (that is, the permissions have been set to 640).
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-09 13:26:42 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Pavel Novotny 2013-11-25 11:54:06 UTC
Description of problem:
When running a VM via Run Once with Cloud-Init, the created config-drive CD image is world readable.
Since it contains sensitive information such as root password or SSH auth. key, it should not be readable for everyone.

Version-Release number of selected component (if applicable):
rhevm-3.3.0-0.35.beta1.el6ev.noarch (is24)

How reproducible:
100%

Steps to Reproduce:
1. In Webadmin, have a VM and run it via Run Once with some values in Initial Run/Cloud-Init section.
2. On the host the VM is running on, search the qemu process for the attached CD-ROM image file (ps aux | grep [q]emu | grep cdrom). 
It looks like: 
-drive file=/var/run/vdsm/payload/d80627d0-04f4-48d5-9335-753354c2cc29.81b3df31f8697cbeb6accd60218166b7.img,if=none,media=cdrom,id=drive-ide0-1-1,readonly=on,format=raw,serial=

3. Check permissions of the CD-ROM image file.

Actual results:
# ls -l /var/run/vdsm/payload/d80627d0-04f4-48d5-9335-753354c2cc29.81b3df31f8697cbeb6accd60218166b7.img
-rw-r--r--. 1 vdsm qemu 366592 21. lis 17.33 /var/run/vdsm/payload/d80627d0-04f4-48d5-9335-753354c2cc29.81b3df31f8697cbeb6accd60218166b7.img
# ^^^ the permission is 644

Expected results:
The .img file should be readable only for vdsm:qemu, not for everyone; the permission should be set to 640.

Additional info:

Comment 1 Pavel Novotny 2014-02-18 12:13:13 UTC
Verified upstream in ovirt-engine-3.4.0-0.7.beta2.el6.noarch.

Following the reproducer in comment 0 for verification.
Results:
The attached CD image file is now no longer world-readable:

# ps aux | grep [q]emu | grep cdrom
qemu      9377 58.4  0.4 1568208 32880 ?       Sl   11:59   0:08 /usr/libexec/qemu-kvm -name cloudy -S -M rhel6.5.0 -cpu Penryn -enable-kvm -m 1024 [...snip...] -drive file=/var/run/vdsm/payload/11b2841c-03bd-43d8-8d43-4ece2392fee8.62b0aaef2741993fc8bc89d3c3bc4f58.img,if=none,media=cdrom [...snip...]
# ls -l /var/run/vdsm/payload/11b2841c-03bd-43d8-8d43-4ece2392fee8.62b0aaef2741993fc8bc89d3c3bc4f58.img
-rw-r-----. 1 vdsm qemu 366592 Feb 18 11:59 /var/run/vdsm/payload/11b2841c-03bd-43d8-8d43-4ece2392fee8.62b0aaef2741993fc8bc89d3c3bc4f58.img
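
Added example (not part of the bug report and not vdsm's own code): one way to create a payload image with mode 640 from the moment it exists, plus a check that flags files still carrying the 644 mode shown under "Actual results". The function names and the temporary directory are hypothetical; ownership (vdsm:qemu) is assumed to be handled by the caller.

```python
import os
import stat
import tempfile

PAYLOAD_MODE = 0o640  # owner rw, group r, nothing for others (the mode the report expects)


def write_payload_image(path, data, mode=PAYLOAD_MODE):
    """Create the image so it is never world-readable, even briefly.

    The file is created as 0600 with O_EXCL (an existing file is refused),
    then fchmod sets the final mode independently of the process umask.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), mode)
        f.write(data)


def find_world_accessible(directory):
    """Return (path, octal mode) for regular files granting any bit to 'other'."""
    findings = []
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IRWXO:
            findings.append((entry.path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


def demo():
    """Constructed sample: one image written the hardened way, one left at 644."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "hardened.img")
        bad = os.path.join(d, "legacy.img")
        write_payload_image(good, b"constructed sample payload")
        with open(bad, "wb") as f:
            f.write(b"constructed sample payload")
        os.chmod(bad, 0o644)  # the mode from "Actual results"
        good_mode = oct(stat.S_IMODE(os.stat(good).st_mode))
        flagged = [(os.path.basename(p), m) for p, m in find_world_accessible(d)]
        return good_mode, flagged


if __name__ == "__main__":
    print(demo())
```
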

Comment 2 errata-xmlrpc 2014-06-09 13:26:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0504.html