[openstack-dev] [kolla] the user in container should NOT have write permission for configuration file

Jeffrey Zhang zhang.lei.fly at gmail.com
Mon Sep 26 16:34:49 UTC 2016


On Mon, Sep 26, 2016 at 11:03 PM, Christian Berendt <
berendt at betacloud-solutions.de> wrote:

> Confirmed. Please do not make configuration files world readable.
>
> We use volumes for the configuration file directories. Why do we not
> simply use read only volumes? This way we do not have to touch the current
> implementation (files are owned by the service user with 0600 permissions)
> and can make the configuration files read only.
>

What do you mean here?

Use the /var/lib/kolla/config_file/nova.conf file directly rather than copying it
to /etc/nova/nova.conf,
or mount the nova.conf to /etc/nova.conf in the container directly?




-- 
Regards,
Jeffrey Zhang
Blog: http://xcodest.me