Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-4.15] OCPBUGS-31447: Tighten the permissions on whereabouts.conf #2324

Open
wants to merge 1 commit into
base: release-4.15
Choose a base branch
from
Open

[release-4.15] OCPBUGS-31447: Tighten the permissions on whereabouts.conf #2324

wants to merge 1 commit into from

Conversation

openshift-cherrypick-robot
Copy link

This is an automated cherry-pick of #2106

/assign rhmdnd

@rhmdnd
Tighten the permissions on whereabouts.conf
a5da3e6 
According to CIS benchmark guidance, all files according to networking
configuration should only be read/writeable to the owner (600).

This commit updates the installation script that lays down the
whereabouts.conf file to use permissions 600 instead of 644.
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Mar 27, 2024
Merged
@openshift-ci-robot
Copy link
Contributor

@openshift-cherrypick-robot: Jira Issue OCPBUGS-22995 has been cloned as Jira Issue OCPBUGS-31447. Will retitle bug to link to clone.
/retitle [release-4.15] OCPBUGS-31447: Tighten the permissions on whereabouts.conf

In response to this:

This is an automated cherry-pick of #2106

/assign rhmdnd

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot changed the title [release-4.15] OCPBUGS-22995: Tighten the permissions on whereabouts.conf [release-4.15] OCPBUGS-31447: Tighten the permissions on whereabouts.conf Mar 27, 2024
@rhmdnd
Copy link
Contributor

rhmdnd commented Mar 27, 2024

/cherry-pick release-4.14

@openshift-cherrypick-robot
Copy link
Author

@rhmdnd: once the present PR merges, I will cherry-pick it on top of release-4.14 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Mar 27, 2024
@openshift-ci-robot
Copy link
Contributor

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-31447, which is invalid:

  • expected dependent Jira Issue OCPBUGS-22995 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is ON_QA instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This is an automated cherry-pick of #2106

/assign rhmdnd

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from dougbtv and jcaamano March 27, 2024 13:41
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Mar 27, 2024

@openshift-cherrypick-robot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-network-mtu-migration-ovn-ipv6 a5da3e6 link false /test e2e-network-mtu-migration-ovn-ipv6
ci/prow/4.15-upgrade-from-stable-4.14-e2e-azure-ovn-upgrade a5da3e6 link false /test 4.15-upgrade-from-stable-4.14-e2e-azure-ovn-upgrade
ci/prow/security a5da3e6 link false /test security
ci/prow/e2e-aws-hypershift-ovn-kubevirt a5da3e6 link false /test e2e-aws-hypershift-ovn-kubevirt
ci/prow/e2e-openstack-ovn a5da3e6 link false /test e2e-openstack-ovn
ci/prow/e2e-vsphere-ovn-dualstack-primaryv6 a5da3e6 link false /test e2e-vsphere-ovn-dualstack-primaryv6
ci/prow/4.15-upgrade-from-stable-4.14-e2e-aws-ovn-upgrade a5da3e6 link false /test 4.15-upgrade-from-stable-4.14-e2e-aws-ovn-upgrade

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@dougbtv
Copy link
Member

dougbtv commented Apr 3, 2024

/lgtm

@dougbtv
Copy link
Member

dougbtv commented Apr 3, 2024

/approve

@dougbtv
Copy link
Member

dougbtv commented Apr 3, 2024

/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Apr 3, 2024
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Apr 3, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Apr 3, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dougbtv, openshift-cherrypick-robot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 3, 2024
@asood-rh
Copy link

asood-rh commented Apr 3, 2024

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Apr 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dougbtv dougbtv Awaiting requested review from dougbtv

@jcaamano jcaamano Awaiting requested review from jcaamano

Assignees

@mffiedler mffiedler

@rbbratta rbbratta

@eurijon eurijon

@anuragthehatter anuragthehatter

@huiran0826 huiran0826

@rlobillo rlobillo

@asood-rh asood-rh

@jechen0648 jechen0648

@rhmdnd rhmdnd

@qiowang721 qiowang721

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet