Reviewed: https://review.openstack.org/291868
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=3c54d097ab8549c6b275351255606b452d71f252
Submitter: Jenkins
Branch: kilo

commit 3c54d097ab8549c6b275351255606b452d71f252
Author: Travis Truman <travis_truman at cable.comcast.com>
Date:   Fri Mar 11 13:42:00 2016 -0500

    rootwrap configuration must be owned by root

    See https://wiki.openstack.org/wiki/Rootwrap#Security_model for details

    Backport of changes:
    * I5b4354f6cc834bae2ba8962b5a283831d7ff9e4f
    * I2f45cc628fef706cae323840bf65645a61a26b6d
    * I349cafcef8e897db6e8e94e47aa6f55ae20f6f82
    * I0a31173cf96b6e1bf4c19bee95702aae0c04042c

    Change-Id: Id72ed598bbd0b6546e8cb0eb5b45ded607ed90e9
    Closes-Bug: #1556231

https://bugs.launchpad.net/bugs/1556231

Title:
  Rootwrap configuration has incorrect ownership

Status in openstack-ansible:
  Fix Committed
Status in openstack-ansible kilo series:
  Fix Committed
Status in openstack-ansible liberty series:
  Fix Committed
Status in openstack-ansible trunk series:
  Fix Committed

Bug description:
  The /etc/<openstack_service>/rootwrap.conf file and
  /etc/<openstack_service>/rootwrap.d directory and its contents created
  by the Nova, Neutron, Cinder and Ceilometer playbooks/roles are
  incorrectly owned by a user other than root.

  This is a security vulnerability inasmuch as it may allow users with
  lower privileges to modify the rootwrap configuration and escalate
  privileges.
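
An audit for the condition this bug describes, as an added example (not code from the openstack-ansible commit): it walks /etc/<openstack_service>/rootwrap.conf and rootwrap.d for the four services named above and reports anything not owned by root. The lowercase service directory names, the function names, the extra group/other write-bit check and the symlink flag are assumptions of this example.

```python
import os
import stat

# Services named in the bug description; directory names are assumed lowercase.
SERVICES = ("nova", "neutron", "cinder", "ceilometer")


def audit_path(path, expected_uid=0):
    """Return a list of problems for one file or directory (empty if clean)."""
    st = os.lstat(path)  # lstat: judge the entry itself, do not follow symlinks
    problems = []
    if st.st_uid != expected_uid:
        problems.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    if stat.S_ISLNK(st.st_mode):
        # A root-owned link can still point at a file a service user controls.
        problems.append("symlink, check its target manually")
    elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Assumption beyond the bug report: write access for anyone but the
        # owner is flagged as well.
        problems.append("group/other writable (mode %o)" % stat.S_IMODE(st.st_mode))
    return problems


def audit_rootwrap(etc_root="/etc", services=SERVICES, expected_uid=0):
    """Check rootwrap.conf, rootwrap.d and its contents for each service."""
    findings = {}
    for svc in services:
        conf = os.path.join(etc_root, svc, "rootwrap.conf")
        filters = os.path.join(etc_root, svc, "rootwrap.d")
        targets = [conf, filters]
        for dirpath, dirnames, filenames in os.walk(filters):
            targets += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in targets:
            if not os.path.lexists(path):
                continue  # service not deployed on this host
            problems = audit_path(path, expected_uid)
            if problems:
                findings[path] = problems
    return findings


if __name__ == "__main__":
    for path, problems in sorted(audit_rootwrap().items()):
        print("%s: %s" % (path, "; ".join(problems)))
```

Run it on each host or container that carries one of these services; an empty result means every rootwrap file found is owned by uid 0 and writable only by its owner.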