Bug 1296995 - /var/lib/cinder/cinder-volumes is world-readable
Summary: /var/lib/cinder/cinder-volumes is world-readable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: async
: 8.0 (Liberty)
Assignee: Ivan Chavero
QA Contact: lkuchlan
URL:
Whiteboard:
Depends On: 1346048
Blocks: 1297408
TreeView+ depends on / blocked
 
Reported: 2016-01-08 16:30 UTC by Eric Harney
Modified: 2016-11-08 16:23 UTC (History)
7 users (show)

Fixed In Version: openstack-packstack-7.0.0-0.19.dev1702.g490e674.el7ost
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-29 13:57:55 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 266637 0 None None None 2016-01-13 17:32:42 UTC
OpenStack gerrit 327666 0 None None None 2016-06-15 21:57:50 UTC
Red Hat Product Errata RHBA-2016:1354 0 normal SHIPPED_LIVE openstack-packstack bug fix advisory 2016-06-29 17:57:39 UTC

Description Eric Harney 2016-01-08 16:30:10 UTC 
Description of problem:
Packstack allinone creates a /var/lib/cinder/cinder-volumes file which is used to host LVM data for Cinder users.  This file is created with permissions 644, but should be only readable by root, as it contains user data.  (It's only used to back a loopback device, not touched by Cinder itself.)

Version-Release number of selected component (if applicable):
openstack-packstack-7.0.0-0.8.dev1661.gaf13b7e.el7ost.noarch
Comment 7 Javier Peña 2016-06-10 16:11:12 UTC 
Note that openstack-packstack-7.0.0-0.18.dev1702.g490e674.el7ost caused https://bugzilla.redhat.com/show_bug.cgi?id=1344219 . It's going to be reverted until the fix described in that bz is packaged.
Comment 10 Alan Pevec 2016-06-15 21:57:51 UTC 
Fixed in Puppet modules, proper fix in Packstack was a revert of the previous patch.
Comment 11 Alan Pevec 2016-06-15 21:58:23 UTC 

*** This bug has been marked as a duplicate of bug 1346048 ***
Comment 13 lkuchlan 2016-06-23 08:38:16 UTC 
Tested using:
openstack-packstack-7.0.0-0.19.dev1702.g490e674.el7ost.noarch

[root@panther13 ~(keystone_admin)]# ls -l /var/lib/cinder/cinder-volumes
-rw-r-----. 1 root root 22118662144 Jun 23 10:44 /var/lib/cinder/cinder-volumes
Comment 15 errata-xmlrpc 2016-06-29 13:57:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1354
Note You need to log in before you can comment on or make changes to this bug.