author | Scott Moser <smoser@ubuntu.com> | 2013-07-17 13:36:32 -0400 |
---|---|---|
committer | Scott Moser <smoser@ubuntu.com> | 2013-07-17 13:36:32 -0400 |
commit | 8f70bb7e7144f2225b4e9a589d16ae6d15992a3d (patch) | |
tree | 595e918a8dfa5f848cf9916d9e472cd60cacc644 /cloudinit/sources/DataSourceAzure.py | |
parent | 7b9b49efe6866103730b8b202c8ddf2189644ea5 (diff) | |
Azure: make /var/lib/waagent with 0700 perms
The walinux agent expects that the files it writes with 0644 (default umask)
permissions are not globally readable. Since we were creating the directory
for it, and using default umask (0755), the files inside were readable to
non-privileged users.
Diffstat (limited to 'cloudinit/sources/DataSourceAzure.py')
-rw-r--r-- | cloudinit/sources/DataSourceAzure.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index f1419296..c90d7b07 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -104,7 +104,9 @@ class DataSourceAzureNet(sources.DataSource):
 if value is not None:
 mycfg[name] = value
- write_files(mycfg['datadir'], files)
+ # walinux agent writes files world readable, but expects
+ # the directory to be protected.
+ write_files(mycfg['datadir'], files, dirmode=0700)
 try:
 invoke_agent(mycfg['cmd'])
@@ -171,11 +173,12 @@ def wait_for_files(flist, maxwait=60, naplen=.5):
 return need
-def write_files(datadir, files):
+def write_files(datadir, files, dirmode=None):
 if not datadir:
 return
 if not files:
 files = {}
+ util.ensure_dir(datadir, dirmode)
 for (name, content) in files.items():
 util.write_file(filename=os.path.join(datadir, name), content=content, mode=0600) |
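Review bot: The mode in the new `write_files(mycfg['datadir'], files, dirmode=0700)` call uses the Python 2-only octal spelling; `dirmode=0o700` is accepted by Python 2.6+ and by Python 3, where a bare `0700` is a syntax error. The same applies to the existing `mode=0600` in `write_files`. The added comment would also help the next reader more if it said that the directory mode is the only thing keeping the agent's 0644 files private, for example `# the agent writes its files 0644; the 0700 directory is what keeps them private`. The enclosing method starts and ends outside this hunk.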
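Review bot: The fix rests entirely on `util.ensure_dir(datadir, dirmode)` in `write_files`, and nothing visible here shows that it tightens a directory which already exists. A `/var/lib/waagent` created 0755 by an earlier boot would then stay readable, so it is worth confirming that `ensure_dir` chmods existing paths, or adding `if dirmode is not None: os.chmod(datadir, dirmode)` after it. If `ensure_dir` creates the directory first and applies the mode afterwards, there is also a short window in which a new directory carries the default mode; creating it with the restrictive mode from the start would close that. `write_files` has no docstring; one line stating that it creates `datadir` with `dirmode` when given and writes each entry of `files` with mode 0600 would record the permission contract.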