From ${URL} : Nir Magnezi of Red Hat reports: Description of problem: ======================= nova _base images permissions shouldn are world readable. I'd expect more strict Version-Release number of selected component (if applicable): ============================================================= Folsom. How reproducible: ================= 100% Steps to Reproduce: =================== 1. Run few instances and check the files created at /var/lib/nova/instances/_base 2. 3. Actual results: =============== nova _base images permissions are world readable. -rw-r--r--. 1 nova nova 241M Dec 31 12:16 f7e6702d38be6ef3a5a66812d56615252a7f1e04.part -rw-r--r--. 1 qemu qemu 9.8G Dec 31 12:17 f7e6702d38be6ef3a5a66812d56615252a7f1e04 -rw-r--r--. 1 qemu qemu 20G Dec 31 12:30 f7e6702d38be6ef3a5a66812d56615252a7f1e04_20 -rw-r--r--. 1 qemu qemu 40G Dec 31 12:37 f7e6702d38be6ef3a5a66812d56615252a7f1e04_40 -rw-r--r--. 1 nova nova 20G Dec 31 15:56 ephemeral_0_20_None -rw-r--r--. 1 qemu qemu 20G Dec 31 15:57 ephemeral_0_20_None_20 -rw-r--r--. 1 qemu qemu 160G Jan 1 11:28 f7e6702d38be6ef3a5a66812d56615252a7f1e04_160 -rw-r--r--. 1 nova nova 241M Jan 3 12:40 b7b22e1d8a012c9b53c28777f6669459e5524557.part -rw-r--r--. 1 nova nova 9.8G Jan 3 12:40 b7b22e1d8a012c9b53c28777f6669459e5524557 -rw-r--r--. 1 nova nova 0 Jan 3 12:40 b7b22e1d8a012c9b53c28777f6669459e5524557_20 -rw-r--r--. 1 nova nova 241M Jan 6 15:52 af7ca6734c34f038c8f65cd9c61cbcbb08bc6644.part -rw-r--r--. 1 nova nova 9.8G Jan 6 15:52 af7ca6734c34f038c8f65cd9c61cbcbb08bc6644 -rw-r--r--. 1 qemu qemu 20G Jan 6 15:53 af7ca6734c34f038c8f65cd9c61cbcbb08bc6644_20 Expected results: ================= nova _base images should be more strict
https://bugzilla.redhat.com/show_bug.cgi?id=893100 https://review.openstack.org/#/c/22278/ https://bugs.launchpad.net/nova/+bug/1129748
https://bugs.launchpad.net/nova/+bug/1129748: upstream will not fix. How do we want to proceed here?
