Set manifests to mode 600 and owner root

Manifests files can release sensitive information and therefore should
have restrictive permissions.

Change-Id: I64d6c830217a7d8b0172df2dc774079dcd1e2a68
Related-Bug: #1671842
This commit is contained in:
Gregory Haynes 2017-05-17 08:50:21 -07:00 committed by Ian Wienand
parent 1c0a5d995a
commit 57ef187632

View File

@ -34,3 +34,7 @@ echo "$DIB_ARGS" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_arguments # dib-lint:
mkdir -p ${DIB_MANIFEST_SAVE_DIR} mkdir -p ${DIB_MANIFEST_SAVE_DIR}
cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR} cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR}
# may contain passwords, etc, so limit permissions
find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chown root:root # dib-lint: safe_sudo
find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo