Issue #1833
Updated by rbarlow over 8 years ago
The Node certificate is installed world-readable:

    $ ls -lah /etc/pki/pulp/nodes/
    total 4.0K
    drwxr-xr-x. 2 root root 21 Apr 8 16:37 .
    drwxr-xr-x. 4 root root 90 Apr 8 16:37 ..
    -rw-r--r--. 1 root root 3.2K Apr 8 16:37 node.crt

The fix adjusts the generation script to limit the permissions
to 0640, and to adjust the group ownership to the apache group. It
also uses the -Z flag on the mv command to ensure the correct
SELinux context is used on the installed file.
Credit also goes to Jeremy Cline (Red Hat) for independently
discovering and reporting this issue.
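
An added example, not the Pulp generation script or the fix itself: a POSIX shell audit that finds files under the certificate directory that are accessible to "other", and a remediation that applies the 0640 mode and group ownership described above. The function names are hypothetical; the default directory, group and mode are taken from the issue text, and `restorecon` stands in for the `mv -Z` relabel for files that are already installed.

```shell
#!/bin/sh
# Added example. Defaults come from the issue text (/etc/pki/pulp/nodes,
# group apache, mode 0640); function names are hypothetical.

# List regular files under DIR that grant read, write or execute to "other".
world_accessible() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List regular files under DIR whose mode is not exactly 0640.
not_0640() {
    find "$1" -type f ! -perm 0640 -print
}

# Set GROUP and mode 0640 on every regular file under DIR, then restore the
# default SELinux label when SELinux is enabled on this host.
tighten() {
    dir=$1 group=$2
    find "$dir" -type f -exec chgrp "$group" {} + -exec chmod 0640 {} + || return 1
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        restorecon -R "$dir" || return 1
    fi
}

# audit DIR: return 1 and report on stderr if any file is exposed to "other".
audit() {
    bad=$(world_accessible "$1")
    [ -z "$bad" ] && return 0
    printf 'world-accessible files:\n%s\n' "$bad" >&2
    return 1
}

# Usage: sh script.sh audit|fix [DIR] [GROUP]
case ${1:-} in
    audit) audit "${2:-/etc/pki/pulp/nodes}" ;;
    fix)   tighten "${2:-/etc/pki/pulp/nodes}" "${3:-apache}" ;;
esac
```

Run `audit` from a configuration-management check or CI job so that a regression to a world-readable mode is caught after package upgrades.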