[virt-tools-list] [RFC PATCH 2/2] virt-manager: make cache directories accessible only to the owner
Giuseppe Scrivano
gscrivan at redhat.com
Fri Nov 1 16:49:21 UTC 2013
There is no reason to expose cache files to everyone, so restrict
access to the owner.
Signed-off-by: Giuseppe Scrivano <gscrivan at redhat.com>
---
virtManager/connection.py | 2 +-
virtManager/domain.py | 2 +-
virtinst/cli.py | 2 +-
virtinst/distroinstaller.py | 2 +-
virtinst/urlfetcher.py | 2 +-
virtinst/util.py | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/virtManager/connection.py b/virtManager/connection.py
index 313f680..d93fcb2 100644
--- a/virtManager/connection.py
+++ b/virtManager/connection.py
@@ -316,7 +316,7 @@ class vmmConnection(vmmGObject):
uri = self.get_uri().replace("/", "_")
ret = os.path.join(util.get_cache_dir(), uri)
if not os.path.exists(ret):
- os.makedirs(ret, 0755)
+ os.makedirs(ret, 0700)
return ret
def get_default_storage_format(self):
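Review bot: The 0700 passed to `os.makedirs` in the connection cache-dir helper only takes effect when the directory is created, so a directory left behind by an earlier version keeps its 0755 mode because the `if not os.path.exists(ret):` branch is skipped. To cover upgrades, tighten the mode unconditionally before returning, for example `os.chmod(ret, 0700)` placed after the `if` block. The same applies to the `makedirs` calls changed in virtManager/domain.py, virtinst/urlfetcher.py and virtinst/util.py. The enclosing method starts before this hunk.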
diff --git a/virtManager/domain.py b/virtManager/domain.py
index b8324d5..bb93166 100644
--- a/virtManager/domain.py
+++ b/virtManager/domain.py
@@ -1649,7 +1649,7 @@ class vmmDomain(vmmLibvirtObject):
def get_cache_dir(self):
ret = os.path.join(self.conn.get_cache_dir(), self.get_uuid())
if not os.path.exists(ret):
- os.makedirs(ret, 0755)
+ os.makedirs(ret, 0700)
return ret
diff --git a/virtinst/cli.py b/virtinst/cli.py
index a2add57..e660a5e 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -155,7 +155,7 @@ def setupLogging(appname, debug_stdout, do_quiet, cli_app=True):
raise RuntimeError("No write access to directory %s" % vi_dir)
try:
- os.makedirs(vi_dir, 0751)
+ os.makedirs(vi_dir, 0700)
except IOError, e:
raise RuntimeError("Could not create directory %s: %s" %
(vi_dir, e))
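Review bot: `os.makedirs` reports failure as `OSError`, which the `except IOError, e:` around the changed line does not catch on Python 2, so a failed creation would surface as a raw traceback instead of the intended `RuntimeError`. Consider `except (IOError, OSError), e:`. Since this is in `setupLogging`, `vi_dir` appears to hold the log file rather than a cache, so the commit message could mention that the log directory is restricted as well. The body of `setupLogging` starts and continues outside the hunk.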
diff --git a/virtinst/distroinstaller.py b/virtinst/distroinstaller.py
index 7acabd1..2cd041e 100644
--- a/virtinst/distroinstaller.py
+++ b/virtinst/distroinstaller.py
@@ -227,7 +227,7 @@ def _perform_initrd_injections(initrd, injections, scratchdir):
return
tempdir = tempfile.mkdtemp(dir=scratchdir)
- os.chmod(tempdir, 0775)
+ os.chmod(tempdir, 0700)
for filename in injections:
logging.debug("Copying %s to the initrd.", filename)
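Review bot: `tempfile.mkdtemp` already creates the directory with mode 0700, so `os.chmod(tempdir, 0700)` is a no-op and the line could simply be dropped. Before doing so, confirm that the earlier 0775 was not deliberate: if the rest of `_perform_initrd_injections` (outside this hunk) archives the directory entry itself into the initrd, its mode may end up on a directory inside the guest. Whichever is chosen, a one-line comment stating why the mode matters here would keep the next reader from reverting it.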
diff --git a/virtinst/urlfetcher.py b/virtinst/urlfetcher.py
index a31d7de..5a1d4eb 100644
--- a/virtinst/urlfetcher.py
+++ b/virtinst/urlfetcher.py
@@ -62,7 +62,7 @@ class _ImageFetcher(object):
def saveTemp(self, fileobj, prefix):
if not os.path.exists(self.scratchdir):
- os.makedirs(self.scratchdir, 0750)
+ os.makedirs(self.scratchdir, 0700)
(fd, fn) = tempfile.mkstemp(prefix="virtinst-" + prefix,
dir=self.scratchdir)
block_size = 16384
diff --git a/virtinst/util.py b/virtinst/util.py
index f79192e..5bcfbe0 100644
--- a/virtinst/util.py
+++ b/virtinst/util.py
@@ -494,7 +494,7 @@ def make_scratchdir(conn, hvtype):
not os.access(scratch, os.W_OK)):
scratch = os.path.join(get_cache_dir(), "boot")
if not os.path.exists(scratch):
- os.makedirs(scratch, 0751)
+ os.makedirs(scratch, 0700)
return scratch
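Review bot: Dropping the search bit for others (0751 to 0700) on the `boot` scratch directory may stop a hypervisor process running under a different account from opening the files placed there; the old mode looks chosen to allow traversal without listing. If that is the case, keep the directory private but grant access to that one account explicitly (for example through group ownership or an ACL) rather than to everyone, and document the requirement next to the `os.makedirs(scratch, 0700)` call. The same question applies to `self.scratchdir` in virtinst/urlfetcher.py, which went from 0750 to 0700. `make_scratchdir` starts before the hunk.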
--
1.8.3.1