Merge ~troyanov/maas:fix-agent-httpproxy-sock-permissions into maas:master

Proposed by Anton Troyanov
Status: Merged
Approved by: Anton Troyanov
Approved revision: 45cae26b11adab7954cab9c747cc8a1184a030a9
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~troyanov/maas:fix-agent-httpproxy-sock-permissions
Merge into: maas:master
Diff against target: 28 lines (+7/-0)
2 files modified
debian/extras/nginx.conf (+2/-0)
src/maasagent/internal/httpproxy/service.go (+5/-0)
Reviewer Review Type Date Requested Status
MAAS Lander Approve
Adam Collard (community) Approve
Review via email: mp+461134@code.launchpad.net

Commit message

fix: set 660 permissions on httpproxy.sock

NGINX workers are running as nobody:maas

Adam Collard (adam-collard) :
review: Approve
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b fix-agent-httpproxy-sock-permissions lp:~troyanov/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: FAILED
LOG: http://maas-ci.internal:8080/job/maas-tester/4721/console
COMMIT: 13b083be39cc6aa005ad1b56597e7f8e64acf37c

review: Needs Fixing
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b fix-agent-httpproxy-sock-permissions lp:~troyanov/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: c9015fa2f869517798c3d3975e0a45c71b7fa2c1

review: Approve

Preview Diff

1diff --git a/debian/extras/nginx.conf b/debian/extras/nginx.conf
2index 8c5787d..ab279e2 100644
3--- a/debian/extras/nginx.conf
4+++ b/debian/extras/nginx.conf
5@@ -1,6 +1,8 @@
6 pid /run/maas-http.pid;
7 worker_processes auto;
8
9+user nobody maas;
10+
11 error_log /var/log/maas/http/error.log;
12
13 events {
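
Review bot: The added "user nobody maas;" line has no comment explaining why the worker group must be maas. Going by the commit title and the os.Chmod added in service.go, the group is what lets NGINX workers open httpproxy.sock once it is set to 0660; a one-line comment above the directive saying so would keep a later cleanup from dropping the group and silently breaking the proxy path. Note also that nginx applies the user directive only when the master process starts with superuser privileges and otherwise ignores it with a warning, so it is worth confirming that whatever launches this config starts the master as root.
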
14diff --git a/src/maasagent/internal/httpproxy/service.go b/src/maasagent/internal/httpproxy/service.go
15index c9bb1eb..94e4172 100644
16--- a/src/maasagent/internal/httpproxy/service.go
17+++ b/src/maasagent/internal/httpproxy/service.go
18@@ -127,6 +127,11 @@ func (s *HTTPProxyService) Configure(ctx tworkflow.Context, systemID string) err
19 return err
20 }
21
22+ //nolint:gosec // we know what we are doing here and we need 0660
23+ if err := os.Chmod(s.socketPath, 0660); err != nil {
24+ return err
25+ }
26+
27 // XXX: While httpproxy-service service is consumed through socket via NGINX
28 // there is nothing bad about not setting the timeout on the listener/server/
29
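
Review bot: On the os.Chmod line, the //nolint:gosec justification ("we know what we are doing here and we need 0660") does not record why group read/write is required. Suggest stating the reason in the comment, namely that NGINX workers run as nobody:maas and connect through this socket. Two further points on the same lines: os.Chmod changes only the mode, so 0660 helps the workers only if the socket's group is already maas, and nothing in this hunk sets or checks group ownership; and the bare "return err" drops context, so wrapping the error with s.socketPath would make a failure at this step easier to diagnose.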
