Closed sofar closed 8 years ago
clr-cloud-init should use a mount namespace to shield mounting the config-drive in a world-readable fashion. We can use PrivateTmp=yes in the systemd unit file to do this, trivially, which will make it inaccessible elsewhere.
Fixed f666061e94d2c8055aa90eb220d57957dbf6f0ee
devimc
commented
8 years ago
clr-cloud-init should use a mount namespace to shield mounting the config-drive in a world-readable fashion. We can use PrivateTmp=yes in the systemd unit file to do this, trivially, which will make it inaccessible elsewhere.