Update /var/lib/nova directory permissions

The /var/lib/nova directory is world readable.
This may lead to sensitive information leakage and cloud compromise.
Set /var/lib/nova directory permissions to 0750.
Add libvirt-qemu user to nova group.

Change-Id: Ie4c98d6e54fa75efe4fff482b275b97e368c13ee
Related-Prod: https://mirantis.jira.com/browse/PROD-22088
diff --git a/nova/compute.sls b/nova/compute.sls
index 1b8c149..4cfe44f 100644
--- a/nova/compute.sls
+++ b/nova/compute.sls
@@ -50,6 +50,19 @@
- libvirtd
{%- endif %}
+user_libvirt-qemu:
+ user.present:
+ - name: libvirt-qemu
+ - groups:
+ - nova
+
+/var/lib/nova:
+ file.directory:
+ - user: nova
+ - group: nova
+ - dir_mode: 0750
+ - makedirs: True
+
/var/lib/nova/.ssh/id_rsa:
file.managed:
- user: nova
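Review bot: The `user_libvirt-qemu` state passes `groups: [nova]` to `user.present` without `remove_groups: False`, and Salt's default for `remove_groups` is True, so the list is treated as the complete set of supplementary groups and libvirt-qemu would be removed from any other group it already belongs to. Add `- remove_groups: False` to the state so that it only adds the nova membership, which is all the commit message asks for. The same state also has no requisite on whatever creates the libvirt-qemu account and the nova group; if it runs before those exist, `user.present` will either create the account itself or fail on the missing group, so a `require` on the relevant package state would make the ordering explicit. In the `/var/lib/nova` state, quote the mode as `'0750'`, as the Salt documentation recommends for values with a leading zero, so YAML cannot read it as an integer.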