[openstack-dev] [puppet][swift] Applying security recommendations within puppet-swift

Gui Maluf guimalufb at gmail.com
Thu Sep 24 19:37:33 UTC 2015


I think we should follow bug 1458915 principles and remove any POSIX
user/group control. So all modules are consistent among which other
This hardening actions should be reported to specific package mantainers.

On Wed, Sep 23, 2015 at 6:10 PM, Alex Schultz <aschultz at mirantis.com> wrote:

> On Wed, Sep 23, 2015 at 2:32 PM, Alex Schultz <aschultz at mirantis.com>
> wrote:
> > Hey all,
> >
> > So as part of the Puppet mid-cycle, we did bug triage.  One of the
> > bugs that was looked into was bug 1289631[0].  This bug is about
> > applying the recommendations from the security guide[1] within the
> > puppet-swift module.  So I'm sending a note out to get other feedback
> > on if this is a good idea or not.  Should we be applying this type of
> > security items within the puppet modules by default? Should we make
> > this optional?  Thoughts?
> >
> >
> > Thanks,
> > -Alex
> >
> >
> > [0] https://bugs.launchpad.net/puppet-swift/+bug/1289631
> > [1]
> http://docs.openstack.org/security-guide/object-storage.html#securing-services-general
>
> Also for the puppet side of this conversation, the change for the
> security items[0] also seems to conflict with bug 1458915[1] which is
> about removing the posix users/groups/file modes.  So which direction
> should we go?
>
> [0] https://review.openstack.org/#/c/219883/
> [1] https://bugs.launchpad.net/puppet-swift/+bug/1458915
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
*guilherme* \n
\t *maluf*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150924/39b2c72f/attachment.html>


More information about the OpenStack-dev mailing list