update rationale for netplan config permissions
Previously we had stripped the wifi config and written it separately with stricter permissions than normal to avoid leaking sensitive data, but now at first glance this seems redundant with all the netplan config file permissions being the same. The reason we didn't collapse everything back to one file with the permissions change is that there are scenarios in which the 00-installer-config.yaml file could purposefully be shared, so we should continue to strip known private information from that file.
parent
5e5ef826d5
commit
7f388aded2
|
@ -38,11 +38,12 @@ class NetworkModel(CoreNetworkModel):
|
||||||
|
|
||||||
def render(self):
|
def render(self):
|
||||||
netplan = self.render_config()
|
netplan = self.render_config()
|
||||||
# We write wifi config -- which almost certainly contains secrets -- to
|
# We write the wifi config -- which almost certainly contains secrets --
|
||||||
# a separate file with more restrictive permissions. This isn't a
|
# to a separate file since it's possible the default file may
|
||||||
# perfect solution because in principle there could be wired 802.1x
|
# be shared (e.g., via apport for a bug report) and we don't want to
|
||||||
# stuff that has secrets too but the subiquity UI does not support any
|
# leak them. This isn't a perfect solution because in principle there
|
||||||
# of that yet so this will do for now.
|
# could be wired 802.1x stuff that has secrets too, but the subiquity
|
||||||
|
# UI does not support any of that yet so this will do for now.
|
||||||
|
|
||||||
# If host cloud-init version has no readable combined-cloud-config,
|
# If host cloud-init version has no readable combined-cloud-config,
|
||||||
# default to False.
|
# default to False.
|
||||||
|
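Review bot: The rewritten comment at the top of render() no longer says what permissions the separate wifi file ends up with. The old text justified the split by "more restrictive permissions", and the new text justifies it only by the default file possibly being shared. Consider adding a short clause stating that the split is now about what gets shared and not about file mode, so a later reader does not merge the two files on the assumption that identical permissions make the split redundant. The retained caveat about wired 802.1x secrets also means the shareable file can still carry credentials once the UI supports them; a TODO or a reference to a tracking bug next to "this will do for now" would keep that from being forgotten.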
@ -63,7 +64,6 @@ class NetworkModel(CoreNetworkModel):
|
||||||
}
|
}
|
||||||
else:
|
else:
|
||||||
# Separate sensitive wifi config from potentially shared config
|
# Separate sensitive wifi config from potentially shared config
|
||||||
# e.g. via apport
|
|
||||||
wifis = netplan["network"].pop("wifis", None)
|
wifis = netplan["network"].pop("wifis", None)
|
||||||
r = {
|
r = {
|
||||||
"write_files": {
|
"write_files": {
|
||||||
|
|
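Review bot: Dropping "# e.g. via apport" leaves the comment above `wifis = netplan["network"].pop("wifis", None)` without any indication of how the config might be shared, and the explanation now lives only in the comment at the top of render(). A brief pointer to that comment would keep the rationale discoverable at the line that actually strips the data. The comment says "sensitive wifi config", but the pop removes only the "wifis" key, so it is worth stating here that other sections are left in the shareable file, consistent with the 802.1x caveat in the first hunk.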