Fix: proper permissions for systemvm template registrations on hardened systems

artem-sidorenko · artem-sidorenko · commit 1db260f1f55b · 2025-11-19T14:30:55.000+01:00
Related to #10029 (comment) We have umask 0077, so cloud-install-sys-tmplt is creating by default paths like below ``` $ ls -l /mnt/secondary/template/tmpl/ total 16 drwx------. 3 root root 4096 Nov 19 13:58 1 drwxrwxrwx. 7 root root 4096 Oct 31 09:42 2 drwxrwxrwx. 3 root root 4096 Oct 30 15:59 4 drwxr-xr-x. 2 root root 4096 Oct 31 10:21 5 $ ls -l /mnt/secondary/template/tmpl/1/ total 4 drwx------. 2 root root 4096 Nov 19 13:59 3 $ ls -l /mnt/secondary/template/tmpl/1/3/ total 549848 -rw-------. 1 root root 563032576 Nov 19 13:59 d23a1e19-c563-4f69-85ca-8721cf02082c.qcow2 -rw-------. 1 root root 287 Nov 19 13:59 template.properties ``` This results to the permissions problems later on, when trying to access the image Signed-off-by: Artem Sidorenko <artem.sidorenko@telekom.de>
diff --git a/scripts/storage/secondary/cloud-install-sys-tmplt b/scripts/storage/secondary/cloud-install-sys-tmplt
@@ -44,6 +44,7 @@ failed() {
 }
 
 #set -x
+umask 0022 # ensure we have the proper permissions even on hardened deployments
 mflag=
 fflag=
 ext="vhd"
diff --git a/scripts/storage/secondary/setup-sysvm-tmplt b/scripts/storage/secondary/setup-sysvm-tmplt
@@ -19,6 +19,7 @@
 
 # Usage: e.g. failed $? "this is an error"
 set -x
+umask 0022 # ensure we have the proper permissions even on hardened deployments
 
 failed() {
   local returnval=$1

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,7 @@ failed() {`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`#set -x`
	`47`	`+umask 0022 # ensure we have the proper permissions even on hardened deployments`
`47`	`48`	`mflag=`
`48`	`49`	`fflag=`
`49`	`50`	`ext="vhd"`