Red Hat Bugzilla – Bug 1278414
drop requirement of 'umask' argument on cpopen
Last modified: 2016-07-26 06:42:21 EDT
Description of problem:
VDSM leverages the 'umask' argument of cpopen to make sure some image it creates have the right permissions right from the start, so possibly sensitive information from the images does not leak.
We want to make cpopen API identical to standard subprocess one, so we should find a different way to run the same command without the 'umask' argument, so we can drop it from cpopen
Version-Release number of selected component (if applicable):
The fix will be completely transparent to any user flow, otherwise it's a regression (!).
To test this change, trigger any flow which requires VDSM to build an ISO image on the fly, for example run a VM with cloud-init, or sysprep.
VM should run as usual. The newly-created image will be located under /var/run/vdsm/payload and should not be world-readable.
This bug was fixed and is slated to be in the upcoming version. As we
are focusing our testing at this phase on severe bugs, this bug was
closed without going through its verification step. If you think this
bug should be verified by QE, please set its severity to high and move
it back to ON_QA