From bd40de4908306137f0b4f8a064cb03680d612807 Mon Sep 17 00:00:00 2001
From: Jiri Podivin <jpodivin@gmail.com>
Date: Fri, 26 Jul 2024 15:32:26 +0200
Subject: [PATCH] Explicitly setting special permissions bits

Signed-off-by: Jiri Podivin <jpodivin@gmail.com>
---
 roles/edpm_ceph_client_files/tasks/main.yml  | 2 +-
 roles/edpm_frr/tasks/configure.yml           | 4 ++--
 roles/edpm_ovn_bgp_agent/tasks/configure.yml | 2 +-
 roles/edpm_telemetry/tasks/configure.yml     | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/edpm_ceph_client_files/tasks/main.yml b/roles/edpm_ceph_client_files/tasks/main.yml
index bf90e118b..3e72e4478 100644
--- a/roles/edpm_ceph_client_files/tasks/main.yml
+++ b/roles/edpm_ceph_client_files/tasks/main.yml
@@ -34,5 +34,5 @@
   ansible.builtin.copy:
     src: "{{ item }}"
     dest: "{{ edpm_ceph_client_files_config_home }}/{{ item | basename }}"
-    mode: "{{ '600' if item | regex_search('.*.keyring$') else '644' }}"
+    mode: "{{ '0600' if item | regex_search('.*.keyring$') else '0644' }}"
   loop: "{{ edpm_ceph_client_dist }}"
diff --git a/roles/edpm_frr/tasks/configure.yml b/roles/edpm_frr/tasks/configure.yml
index b06dd2417..5a4cf14d7 100644
--- a/roles/edpm_frr/tasks/configure.yml
+++ b/roles/edpm_frr/tasks/configure.yml
@@ -42,7 +42,7 @@
   ansible.builtin.template:
     src: frr.conf.j2
     dest: "{{ edpm_frr_config_basedir }}/etc/frr/frr.conf"
-    mode: '644'
+    mode: '0644'
     selevel: s0
     setype: container_file_t
   register: _frr_config_result
@@ -51,7 +51,7 @@
   ansible.builtin.template:
     src: daemons.j2
     dest: "{{ edpm_frr_config_basedir }}/etc/frr/daemons"
-    mode: '644'
+    mode: '0644'
     selevel: s0
     setype: container_file_t
   register: _frr_daemons_result
diff --git a/roles/edpm_ovn_bgp_agent/tasks/configure.yml b/roles/edpm_ovn_bgp_agent/tasks/configure.yml
index e5b1b898f..66556e104 100644
--- a/roles/edpm_ovn_bgp_agent/tasks/configure.yml
+++ b/roles/edpm_ovn_bgp_agent/tasks/configure.yml
@@ -25,7 +25,7 @@
       ansible.builtin.template:
         src: ovn-bgp-agent.conf.j2
         dest: "{{ edpm_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent/bgp-agent.conf"
-        mode: "644"
+        mode: "0644"
         selevel: s0
         setype: container_file_t
       register: _ovn_bgp_agent_config_result
diff --git a/roles/edpm_telemetry/tasks/configure.yml b/roles/edpm_telemetry/tasks/configure.yml
index 5663f1087..f551ee09b 100644
--- a/roles/edpm_telemetry/tasks/configure.yml
+++ b/roles/edpm_telemetry/tasks/configure.yml
@@ -70,7 +70,7 @@
   ansible.builtin.copy:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    mode: "{{ item.mode | default('640') }}"
+    mode: "{{ item.mode | default('0640') }}"
     remote_src: "{{ telemetry_test | default('false') }}"
   loop: "{{ configs }}"