Bug 1809463

Summary: engine-setup should set the permissions of private key files more restrictive
Product: [oVirt] ovirt-engine Reporter: Dominik Holler <dholler>
Component: Setup.Engine.OVN Assignee: Ales Musil <amusil>
Status: CLOSED CURRENTRELEASE QA Contact: Michael Burman <mburman>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.3.9.1 CC: amusil, bugs, danken, dholler, dkenigsb, mperina
Target Milestone: ovirt-4.5.0 Keywords: ZStream
Target Release: 4.5.0 Flags: mperina: ovirt-4.5+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-4.5.0 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-04-20 06:33:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Network RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1940824    

Description Dominik Holler 2020-03-03 07:59:34 UTC
Description of problem:
Because of bug 1809458 and bug 1806276 engine-setup sets the private key files for OVN readable by hugetlbfs groups. This enables members of hugetlbfs other than OVN to read these files, too.

Actual results:
The OVN's private key files can be read by other members of hugetlbfs.

Expected results:
The OVN's private key files cannot be read by other members of hugetlbfs.
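
A check for the condition described above, added here as an example; it is not code from this bug report or from ovirt-engine. The directory argument and the `*.key` / `*.pem` file naming are assumptions, since the report does not give the key file locations.

```shell
#!/bin/sh
# Added example: find private key files that are readable through the group
# or "other" permission bits, i.e. by accounts other than the file owner.
# The directory to scan and the *.key / *.pem naming are assumptions; pass
# the directory that holds the key files on your installation.

# audit_keys DIR
#   Prints an "ls -l" line (mode, owner, group, path) for every key file
#   under DIR whose mode grants read access to group or other.
#   Returns 0 when no such file exists, 1 when at least one was found.
audit_keys() {
    # -perm -040 : group-read bit is set
    # -perm -004 : other-read bit is set
    hits=$(find "$1" -type f \( -name '*.key' -o -name '*.pem' \) \
        \( -perm -040 -o -perm -004 \) -exec ls -l {} +)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Stand-alone use: ./audit_keys.sh /path/to/key/directory
if [ "$#" -gt 0 ]; then
    audit_keys "$1"
fi
```

The group column of each reported line shows which group's members gain read access; `getent group <name>` lists those members.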

Comment 1 Dominik Holler 2020-03-10 10:42:13 UTC
This bug could be backported to 4.4, as soon as OVS/OVN allows this.

Comment 2 Michael Burman 2022-03-22 07:48:44 UTC
Verified on - rhvm-4.5.0-0.237.el8ev.noarch

Comment 3 Sandro Bonazzola 2022-04-20 06:33:59 UTC
This bugzilla is included in oVirt 4.5.0 release, published on April 20th 2022.

Since the problem described in this bug report should be resolved in oVirt 4.5.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.