Hello all, I'd like to make the permissions for the container image sync certs to be more restrictive.
diff --git a/roles/push-docker/tasks/main.yml b/roles/push-docker/tasks/main.yml index 9baad7f..ed70253 100644 --- a/roles/push-docker/tasks/main.yml +++ b/roles/push-docker/tasks/main.yml @@ -13,11 +13,15 @@ copy: src: "{{private}}/files/koji/{{docker_cert_name}}.cert.pem" dest: "{{docker_cert_dir}}/client.cert" + owner: root + mode: 0600
- name: install docker client key for registry copy: src: "{{private}}/files/koji/{{docker_cert_name}}.key.pem" dest: "{{docker_cert_dir}}/client.key" + owner: root + mode: 0600
- name: start and enable docker service: name=docker state=started enabled=yes
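Review bot: In both copy tasks the new `mode: 0600` is a bare YAML number and `group` is left unset. The leading zero makes it parse as octal, so it works as written, but quoting it as `mode: "0600"` is safer: if the zero is ever dropped in a later edit, the value would be read as decimal and give different permissions without any error. Adding `group: root` next to `owner: root` would also make the ownership fully explicit on hosts where client.cert and client.key already exist with another group. The directory the files land in, `{{docker_cert_dir}}`, is not touched by this hunk. If the task that creates it is elsewhere in the role, it is worth confirming that its owner and mode are as tight as the key's, since write access to the directory would let the key file be replaced.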
Thank you, -AdamM
infrastructure@lists.fedoraproject.org