On Mon, Sep 26, 2016 at 11:03 PM, Christian Berendt < bere...@betacloud-solutions.de> wrote:
> Confirmed. Please do not make configuration files world readable. > > We use volumes for the configuration file directories. Why do we not > simply use read only volumes? This way we do not have to touch the current > implementation (files are owned by the service user with 0600 permissions) > and can make the configuration files read only. > what do you mean here? use /var/lib/kolla/config_file/nova.conf file directly rathen then copy it to /etc/nova/nova.conf or mount the nova.conf to /etc/nova.conf in container directly? -- Regards, Jeffrey Zhang Blog: http://xcodest.me
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
