On Mon, Sep 26, 2016 at 11:03 PM, Christian Berendt < berendt at betacloud-solutions.de> wrote: > Confirmed. Please do not make configuration files world readable. > > We use volumes for the configuration file directories. Why do we not > simply use read only volumes? This way we do not have to touch the current > implementation (files are owned by the service user with 0600 permissions) > and can make the configuration files read only. > what do you mean here? use /var/lib/kolla/config_file/nova.conf file directly rathen then copy it to /etc/nova/nova.conf or mount the nova.conf to /etc/nova.conf in container directly? -- Regards, Jeffrey Zhang Blog: http://xcodest.me -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160927/66b3d394/attachment.html>