Skip to content

Upstream 16119 - Make project and private data directories#251

Merged
cigamit merged 4 commits intomainfrom
upstream16119
Feb 28, 2026
Merged

Upstream 16119 - Make project and private data directories#251
cigamit merged 4 commits intomainfrom
upstream16119

Conversation

@cigamit
Copy link
Copy Markdown
Contributor

@cigamit cigamit commented Feb 28, 2026

Python's os.mkdir creates directories with 0o777 by default.

PR is not merged yet upstream, but I validated it, and it works.

@cigamit cigamit requested a review from TheWitness February 28, 2026 05:35
@cigamit cigamit self-assigned this Feb 28, 2026
Copilot AI review requested due to automatic review settings February 28, 2026 05:35
@cigamit cigamit added SECURITY A security related issue like a CVE specifically python Pull requests that update python code labels Feb 28, 2026
Copilot AI reviewed Feb 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens filesystem permissions for job runtime directories created on execution nodes so that job private data (inventory/env/project content) is not created with overly permissive defaults.

Changes:

  • Create inventory/ and env/ subdirectories under the job private data dir with 0o700 permissions.
  • Create the project/ subdirectory under the job private data dir with 0o700 permissions.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI review requested due to automatic review settings February 28, 2026 05:40
Copilot AI reviewed Feb 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@cigamit cigamit merged commit 6d3d4bc into main Feb 28, 2026
@cigamit cigamit deleted the upstream16119 branch February 28, 2026 16:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@TheWitness TheWitness TheWitness approved these changes

Assignees

@cigamit cigamit

Labels

python Pull requests that update python code SECURITY A security related issue like a CVE specifically

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cigamit @TheWitness