Public bug reported:
focal/ussuri has an updated pkgos-gen-systemd-unit (openstack-pkg-tools)
which sets the UMask to 0027, preventing other users from any access to
files created by the service. In this case, the nova-compute service
creates instance files at run-time that libvirt needs access to.
ussuri:
drwxr-x--- 2 nova nova
/var/lib/nova/instances/1726e122-2d91-44c1-939b-dd4638df06ed
train:
drwxr-xr-x 2 nova nova
/var/lib/nova/instances/da355106-e7f0-4d23-8b4c-91defbfdd696
It seems like the best solution is to use the default UMask of 0022 for
the nova-compute systemd unit file.
Note that nova-common.postinst already sets /var/log/nova permissions to
0750, preventing other users from reading logs, which was the original
intent of having pkgos-gen-systemd-unit set UMask to 0027.
** Affects: nova (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1864922
Title:
ussuri libvirt missing access to /var/lib/nova/instances/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1864922/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
