Hello all, I'd like to make the permissions for the container image sync certs to be more restrictive. diff --git a/roles/push-docker/tasks/main.yml b/roles/push-docker/tasks/main.yml index 9baad7f..ed70253 100644 --- a/roles/push-docker/tasks/main.yml +++ b/roles/push-docker/tasks/main.yml @@ -13,11 +13,15 @@ copy: src: "{{private}}/files/koji/{{docker_cert_name}}.cert.pem" dest: "{{docker_cert_dir}}/client.cert" + owner: root + mode: 0600 - name: install docker client key for registry copy: src: "{{private}}/files/koji/{{docker_cert_name}}.key.pem" dest: "{{docker_cert_dir}}/client.key" + owner: root + mode: 0600 - name: start and enable docker service: name=docker state=started enabled=yes Thank you, -AdamM
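Review bot: Both added `mode: 0600` lines (under the client.cert and client.key copy tasks) pass the mode as a bare YAML number; quoting it as `mode: "0600"` hands Ansible a string, so the value cannot be misread as decimal if the leading zero is ever dropped in a later edit. The two tasks also set `owner: root` without a `group`, so group ownership is left to whatever the destination already has or the default; with 0600 the group gets no access either way, but adding `group: root` would make the intended ownership explicit. The hunk does not show how `{{docker_cert_dir}}` itself is created, so it is worth confirming that the directory is root-owned and not writable by others, since a writable parent directory would let client.key be replaced despite the 0600 mode on the file.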