mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
don't create world-readable archives of LXC containers
with the default umask tar will create a world-readable archive of the container, which may contain sensitive data Signed-off-by: Evgeni Golov <evgeni@golov.de>
This commit is contained in:
parent
3b79c1621b
commit
1847f19e41
1 changed files with 5 additions and 0 deletions
|
@ -1366,6 +1366,8 @@ class LxcContainerManagement(object):
|
||||||
:type source_dir: ``str``
|
:type source_dir: ``str``
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
old_umask = os.umask(0077)
|
||||||
|
|
||||||
archive_path = self.module.params.get('archive_path')
|
archive_path = self.module.params.get('archive_path')
|
||||||
if not os.path.isdir(archive_path):
|
if not os.path.isdir(archive_path):
|
||||||
os.makedirs(archive_path)
|
os.makedirs(archive_path)
|
||||||
|
@ -1396,6 +1398,9 @@ class LxcContainerManagement(object):
|
||||||
build_command=build_command,
|
build_command=build_command,
|
||||||
unsafe_shell=True
|
unsafe_shell=True
|
||||||
)
|
)
|
||||||
|
|
||||||
|
os.umask(old_umask)
|
||||||
|
|
||||||
if rc != 0:
|
if rc != 0:
|
||||||
self.failure(
|
self.failure(
|
||||||
err=err,
|
err=err,
|
||||||
|
|
Loading…
Reference in a new issue