From b23fb97c97d02615c0eef428ebd223b6baced952 Mon Sep 17 00:00:00 2001
From: Corey Bryant <corey.bryant@canonical.com>
Date: Thu, 7 Oct 2021 09:57:27 -0400
Subject: [PATCH] Limit metrics_socket_file permissions

This limits the metrics_socket_file permissions to 0o660. Prior
to this change, symbolic constants were used, resulting in
0o707 permissions.

Closes-Bug: #1945533
Change-Id: I009ffbc10d3400881c6f8b2178494ba180d6549f
---
 oslo_metrics/__main__.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/oslo_metrics/__main__.py b/oslo_metrics/__main__.py
index d35a768..704e4fe 100644
--- a/oslo_metrics/__main__.py
+++ b/oslo_metrics/__main__.py
@@ -17,7 +17,6 @@ import os
 import select
 import signal
 import socket
-import stat
 import sys
 import threading
 from wsgiref.simple_server import make_server
@@ -97,7 +96,7 @@ def main():
     socket_path = cfg.CONF.oslo_metrics.metrics_socket_file
     m = MetricsListener(socket_path)
     try:
-        os.chmod(socket_path, stat.S_IRWXU | stat.S_IRWXO)
+        os.chmod(socket_path, 0o660)
     except OSError:
         LOG.error("Changing the mode of the file failed.... continuing")
     mt = threading.Thread(target=m.serve)